CVE-2008-3003Improper Input Validation in Microsoft Office

CWE-20Improper Input Validation2 documents2 sources
Severity
6.6MEDIUMNVD
EPSS
0.9%
top 23.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedAug 12
Latest updateMay 1

Description

Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:NExploitability: 3.9 | Impact: 9.2

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-6x7h-634p-8jfg: Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections2022-05-01
CVE-2008-3003 — Improper Input Validation in Microsoft | cvebase