9.3
CVE-2010-0260
- EPSS 57.59%
- Published 10.03.2010 22:30:01
- Last modified 11.04.2025 00:51:21
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Office Compatibility Pack Version2007 Updatesp1
Microsoft ≫ Office Compatibility Pack Version2007 Updatesp2
Microsoft ≫ Office Excel Viewer Updatesp1
Microsoft ≫ Office Excel Viewer Updatesp2
Microsoft ≫ Office Sharepoint Server Version2007 Updatesp1 Editionx32
Microsoft ≫ Office Sharepoint Server Version2007 Updatesp1 Editionx64
Microsoft ≫ Office Sharepoint Server Version2007 Updatesp2 Editionx32
Microsoft ≫ Office Sharepoint Server Version2007 Updatesp2 Editionx64
Microsoft ≫ Open Xml File Format Converter Editionmac
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 57.59% | 0.98 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.