CVE-2010-1252 — Code Injection in Microsoft Excel

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

57.3%

top 1.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Office

Timeline

PublishedJun 8

Latest updateMay 2

Description

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/excel2002

▶NVDmicrosoft/office2004

🔴Vulnerability Details

GHSA

GHSA-xpwq-w665-cf7c: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted E↗2022-05-02

▶

CVEList

CVE-2010-1252: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted E↗2010-06-08

▶