CVE-2008-4019

15.10.2008, 00:12

Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability."

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C
microsoft	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Vendor	Product	Version
microsoft	excel_viewer	-
microsoft	open_xml_file_format_converter	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://marc.info/?l=bugtraq&m=122479227205998&w=2

http://marc.info/?l=bugtraq&m=122479227205998&w=2

http://secunia.com/advisories/32211

http://www.securityfocus.com/bid/31706

http://www.securitytracker.com/id?1021044

http://www.us-cert.gov/cas/techalerts/TA08-288A.html

http://www.vupen.com/english/advisories/2008/2808

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057

https://exchange.xforce.ibmcloud.com/vulnerabilities/45580

https://exchange.xforce.ibmcloud.com/vulnerabilities/45581

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102

http://marc.info/?l=bugtraq&m=122479227205998&w=2

http://marc.info/?l=bugtraq&m=122479227205998&w=2

http://secunia.com/advisories/32211

http://www.securityfocus.com/bid/31706

http://www.securitytracker.com/id?1021044

http://www.us-cert.gov/cas/techalerts/TA08-288A.html

http://www.vupen.com/english/advisories/2008/2808

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057

https://exchange.xforce.ibmcloud.com/vulnerabilities/45580

https://exchange.xforce.ibmcloud.com/vulnerabilities/45581

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102