9.3

CVE-2010-0258

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftExcel Version2002 Updatesp3
MicrosoftExcel Version2003 Updatesp3
MicrosoftExcel Version2007 Updatesp1
MicrosoftExcel Version2007 Updatesp2
MicrosoftOffice Version2004 SwPlatformmac_os_x
MicrosoftOffice Version2008 SwPlatformmacos
MicrosoftOffice Compatibility Pack Version2007 Updatesp1
MicrosoftOffice Compatibility Pack Version2007 Updatesp2
MicrosoftOffice Excel Viewer Version- Updatesp1
MicrosoftOffice Excel Viewer Version- Updatesp2
MicrosoftOffice Sharepoint Server Version2007 Updatesp1
MicrosoftOffice Sharepoint Server Version2007 Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 71.44% 0.986
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

http://www.securitytracker.com/id?1023698
Third Party Advisory
Broken Link
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA10-068A.html
Third Party Advisory
US Government Resource