CVE-2010-3241Improper Input Validation in Microsoft Excel

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
50.9%
top 2.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ExcelMicrosoft Office
Timeline
PublishedOct 13
Latest updateMay 14

Description

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/excel2002
NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

2
GHSA
GHSA-h2hx-5hmq-xm34: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format informa2022-05-14
CVEList
CVE-2010-3241: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format informa2010-10-13
CVE-2010-3241 — Improper Input Validation in Microsoft | cvebase