CVE-2010-3233Improper Input Validation in Microsoft Excel

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
63.0%
top 1.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Excel
Timeline
PublishedOct 13
Latest updateMay 14

Description

Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/excel2002, 2003+1

🔴Vulnerability Details

2
GHSA
GHSA-jhrj-54c2-6vx7: Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a cra2022-05-14
CVEList
CVE-2010-3233: Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a cra2010-10-13
CVE-2010-3233 — Improper Input Validation in Microsoft | cvebase