CVE-2007-0031

Microsoft Excel - Heap-based Buffer Overflow via BIFF8 PALETTE Record

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0031. PoCs published by LifeAsaGeek.

AI-analyzed exploit summary: This PoC exploits a heap overflow vulnerability in Microsoft Excel by crafting a malformed Palette Record, leading to a denial-of-service (DoS) condition. It modifies an Excel file to trigger the vulnerability when opened.

Description

Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.

Exploits (1)

exploitdb WORKING POC VERIFIED
by LifeAsaGeek · python · dos · windows
https://www.exploit-db.com/exploits/3193

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Excel (versions affected by MS07-002)
No auth needed
Prerequisites: Python with pyExcelerator module · Ability to deliver the malformed Excel file to the target
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-009A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/31258
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/625532
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A753
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017487
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/457274/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21922
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0103

Scores

EPSS 0.4169
EPSS Percentile 98.5%

Details

Status published
Products (11)
microsoft/excel 2000
microsoft/excel 2002
microsoft/excel 2003
microsoft/excel_viewer 2003
microsoft/office 2000 sp3
microsoft/office xp sp3
microsoft/office 2003 sp2
microsoft/office 2004
microsoft/office v.x
microsoft/works 2004
... and 1 more
Published Jan 09, 2007
Tracked Since Feb 18, 2026