CVE-2008-3005Improper Input Validation in Microsoft Office

CWE-20Improper Input Validation2 documents2 sources
Severity
9.3CRITICALNVD
EPSS
54.9%
top 1.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedAug 12
Latest updateMay 1

Description

Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office4 versions+3

🔴Vulnerability Details

1
GHSA
GHSA-68jr-4mc7-f45r: Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitra2022-05-01
CVE-2008-3005 — Improper Input Validation in Microsoft | cvebase