Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2010-0824 — Code Injection in Microsoft Excel
Severity
9.3CRITICALNVD
EPSS
61.4%
top 1.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 8
Latest updateMay 2
Description
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages3 packages
🔴Vulnerability Details
6GHSA▶
GHSA-mf23-rh92-325x: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Form↗2022-05-02
GHSA▶
GHSA-8fh9-fccm-v79p: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac all↗2022-05-02
GHSA▶
GHSA-wp6h-4j7c-vh23: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel fi↗2022-05-02
CVEList▶
CVE-2010-0824: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel fi↗2010-06-08
CVEList▶
CVE-2010-0821: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Form↗2010-06-08
💥Exploits & PoCs
1📋Vendor Advisories
1Red Hat▶
MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007)↗2010-07-09