Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0112Code Injection in Microsoft Excel

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
71.9%
top 1.25%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft ExcelMicrosoft Office
Timeline
PublishedMar 11
Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/excel2000
NVDmicrosoft/office2004, 2008+1

Patches

Patch: www.securityfocus.comPatch: www.us-cert.govPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-pv8p-26mj-qpw7: Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary cod2022-05-01
CVEList
CVE-2008-0112: Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary cod2008-03-11

💥Exploits & PoCs

1
Exploit-DB
Microsoft Excel - Code Execution (MS08-014)2008-03-21
CVE-2008-0112 — Code Injection in Microsoft Excel | cvebase