CVE-2008-0116

EPSS 74.38%
Veröffentlicht 11.03.2008 23:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Excel Version2000 Updatesp3

Microsoft ≫ Excel Version2002 Updatesp3

Microsoft ≫ Excel Version2003 Updatesp2

Microsoft ≫ Excel Viewer Version2003

Microsoft ≫ Office Version2004 Editionmac

Microsoft ≫ Office Version2008 Editionmac

Microsoft ≫ Office Compatibility Pack For Word Excel Ppt 2007

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	74.38%	0.987

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://marc.info/?l=bugtraq&m=120585858807305&w=2

http://www.us-cert.gov/cas/techalerts/TA08-071A.html

Patch

US Government Resource

http://www.vupen.com/english/advisories/2008/0846/references

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014

http://dvlabs.tippingpoint.com/advisory/TPTI-08-03

http://www.securityfocus.com/archive/1/489430/100/0/threaded

http://www.securityfocus.com/bid/28168

Patch

http://www.securitytracker.com/id?1019586

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5212

https://nvd.nist.gov/vuln/detail/CVE-2008-0116

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0116

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0116

EUVD