CVE-2010-1249 — Code Injection in Microsoft Excel

CWE-94 — Code Injection9 documents3 sources

Severity

9.3CRITICALNVD

EPSS

64.9%

top 1.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Office Microsoft Office Compatibility Pack

Timeline

PublishedJun 8

Latest updateMay 2

Description

Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/excel2002, 2003, 2007+2

▶NVDmicrosoft/office2004, 2008+1

▶NVDmicrosoft/office_compatibility_pack2007

🔴Vulnerability Details

GHSA

GHSA-vvj8-288w-f65x: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD↗2022-05-02

▶

GHSA

GHSA-v45p-39v7-r2qm: Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote↗2022-05-02

▶

GHSA

GHSA-prhp-4vw3-h923: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Form↗2022-05-02

▶

CVEList

CVE-2010-1247: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD↗2010-06-08

▶

CVEList

CVE-2010-1249: Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote↗2010-06-08

▶