9.3

CVE-2008-3477

EPSS 73.25%
Published 15.10.2008 00:12:15
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version5.01 Updatesp4

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Internet Explorer Version6

   Microsoft ≫ Windows Server 2003 Updatesp1
   Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium
   Microsoft ≫ Windows Server 2003 Updatesp1 Editionx64
   Microsoft ≫ Windows Server 2003 Updatesp2
   Microsoft ≫ Windows Xp Updategold Editionprofessional_x64
   Microsoft ≫ Windows Xp Updatesp2
   Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64
   Microsoft ≫ Windows Xp Updatesp3

Microsoft ≫ Internet Explorer Version6 Updatesp1

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Internet Explorer Version7

   Microsoft ≫ Windows Server 2003 Updatesp1
   Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium
   Microsoft ≫ Windows Server 2003 Updatesp1 Editionx64
   Microsoft ≫ Windows Server 2003 Updatesp2
   Microsoft ≫ Windows Server 2008 Editionitanium
   Microsoft ≫ Windows Server 2008 Editionx32
   Microsoft ≫ Windows Server 2008 Editionx64
   Microsoft ≫ Windows Vista Updategold
   Microsoft ≫ Windows Vista Updategold Editionx64
   Microsoft ≫ Windows Vista Updatesp1
   Microsoft ≫ Windows Xp Updategold Editionprofessional_x64
   Microsoft ≫ Windows Xp Updatesp2
   Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64
   Microsoft ≫ Windows Xp Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	73.25%	0.988

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://marc.info/?l=bugtraq&m=122479227205998&w=2

http://www.us-cert.gov/cas/techalerts/TA08-288A.html

US Government Resource

http://secunia.com/advisories/32211

Patch

Vendor Advisory

http://www.securitytracker.com/id?1021044

http://www.vupen.com/english/advisories/2008/2808

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057

https://exchange.xforce.ibmcloud.com/vulnerabilities/45581

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746

http://www.securityfocus.com/bid/31702

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/45566

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5870

https://nvd.nist.gov/vuln/detail/CVE-2008-3477

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3477

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3477

EUVD