CVE-2008-4266 — Out-of-bounds Write in Microsoft Excel

CWE-3993 documents3 sources

Severity

9.3CRITICALNVD

EPSS

59.3%

top 1.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Excel Viewer Microsoft Office

Timeline

PublishedDec 10

Latest updateMay 2

Description

Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/excel_viewer2003

▶NVDmicrosoft/excel2000, 2002, 2003+2

▶NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

GHSA

GHSA-xg67-p862-jx9m: Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; an↗2022-05-02

▶

CVEList

CVE-2008-4266: Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; an↗2008-12-10

▶