CVE-2010-3237Improper Input Validation in Microsoft Excel

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
56.3%
top 1.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ExcelMicrosoft Office
Timeline
PublishedOct 13
Latest updateMay 14

Description

Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/excel2002

🔴Vulnerability Details

2
GHSA
GHSA-w9w5-9fqq-8956: Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code2022-05-14
CVEList
CVE-2010-3237: Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code2010-10-13
CVE-2010-3237 — Improper Input Validation in Microsoft | cvebase