CVE-2008-3006

CWE-3993 documents3 sources

Severity

9.3CRITICAL

EPSS

66.7%

top 1.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office Compatibility Pack Microsoft Office Excel Viewer +1 more

Timeline

PublishedAug 12

Latest updateMay 1

Description

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/office_excel_viewer2003

▶NVDmicrosoft/office_compatibility_pack2007

▶NVDmicrosoft/office6 versions+5

▶NVDmicrosoft/sharepoint_server2007

🔴Vulnerability Details

GHSA

GHSA-hr97-4x5j-vc8q: Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office↗2022-05-01

▶

CVEList

CVE-2008-3006: Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office↗2008-08-12

▶