Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0113Code Injection in Microsoft Excel Viewer

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
66.5%
top 1.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Excel Viewer
Timeline
PublishedMar 11
Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-fm88-xwm2-f8g5: Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel2022-05-01
CVEList
CVE-2008-0113: Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel2008-03-11

💥Exploits & PoCs

1
Exploit-DB
Microsoft Office XP SP3 - '.PPT' File Buffer Overflow (MS08-016)2008-03-30
CVE-2008-0113 — Code Injection in Microsoft | cvebase