Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1247Code Injection in Microsoft Excel

CWE-94Code Injection10 documents4 sources
Severity
9.3CRITICALNVD
EPSS
61.4%
top 1.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft ExcelMicrosoft OfficeMicrosoft Office Compatibility Pack
Timeline
PublishedJun 8
Latest updateMay 2

Description

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmicrosoft/excel2002, 2003, 2007+2
NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

6
GHSA
GHSA-vvj8-288w-f65x: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD2022-05-02
GHSA
GHSA-v45p-39v7-r2qm: Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote2022-05-02
GHSA
GHSA-prhp-4vw3-h923: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Form2022-05-02
CVEList
CVE-2010-1247: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD2010-06-08
CVEList
CVE-2010-1249: Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote2010-06-08

💥Exploits & PoCs

1
Exploit-DB
Excel RTD - Memory Corruption2010-09-10
CVE-2010-1247 — Code Injection in Microsoft Excel | cvebase