Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0822 — Code Injection in Microsoft Excel

CWE-94 — Code Injection8 documents5 sources

Severity

9.3CRITICALNVD

EPSS

80.4%

top 0.87%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Excel Microsoft Office

Timeline

PublishedJun 8

Latest updateMay 2

Description

Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/excel2002

▶NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

GHSA

GHSA-f5f8-hv26-rgx9: Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac a↗2022-05-02

▶

CVEList

CVE-2010-0822: Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac a↗2010-06-08

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Excel - Malformed OBJ Record Handling Overflow (MS11-038) (Metasploit)↗2011-11-22

▶

Exploit-DB

Microsoft Excel - OBJ Record Stack Overflow↗2010-09-24

▶

Exploit-DB

Microsoft IIS - ISAPI FrontPage 'fp30reg.dll' Chunked Overflow (MS03-051) (Metasploit)↗2010-07-25

▶

Exploit-DB

Microsoft Excel - 0x5D record Stack Overflow (MS10-038)↗2010-07-14

▶

Metasploit

MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow↗

▶