Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1248 — Code Injection in Microsoft Excel

CWE-94 — Code Injection5 documents4 sources

Severity

9.3CRITICALNVD

EPSS

62.3%

top 1.63%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Excel Microsoft Office

Timeline

PublishedJun 8

Latest updateMay 2

Description

Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/excel2002

▶NVDmicrosoft/office2004

🔴Vulnerability Details

GHSA

GHSA-wh7v-qcw6-mgpw: Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a↗2022-05-02

▶

CVEList

CVE-2010-1248: Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a↗2010-06-08

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Excel - WOPT Record Parsing Heap Memory Corruption↗2010-09-21

▶

Exploit-DB

Microsoft Excel - HFPicture Record Parsing Remote Code Execution↗2010-09-16

▶