Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1246Code Injection in Microsoft Excel

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
61.4%
top 1.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Excel
Timeline
PublishedJun 8
Latest updateMay 2

Description

Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/excel2002

🔴Vulnerability Details

2
GHSA
GHSA-jq2m-6m3q-p6ww: Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RT2022-05-02
CVEList
CVE-2010-1246: Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RT2010-06-08

💥Exploits & PoCs

1
Exploit-DB
Excel RTD - Memory Corruption2010-09-10
CVE-2010-1246 — Code Injection in Microsoft Excel | cvebase