CVE-2010-3236:excel, office, open_xml_file_format_converter: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 ...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3236

excel, office, open_xml_file_format_converter: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 ...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3236

Original

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-10-13

Source Information Category:

Advisory, Alert

Last Updated:

2010-10-14

Affected Product Tags

cpe:/a:microsoft:excel:2002:sp3

cpe:/a:microsoft:excel:2003:sp3

cpe:/a:microsoft:office:2004::mac

cpe:/a:microsoft:office:2008::mac

cpe:/a:microsoft:open_xml_file_format_converter:::mac

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

MS MS10-080

Vulnerability Type Input Validation (CWE-20)