CVE-2008-0081

CRITICAL EXPLOITED

Microsoft Excel 2000 SP3-2003 SP2 and Viewer 2003 - Remote Code Execution via Crafted Macros

Title source: llm

Exploitation Summary

CVE-2008-0081 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit.

AI-analyzed exploit summary The provided entry is a placeholder with no actual exploit code, only a link to an external download (GitLab). This matches the pattern of suspicious repos that lure researchers into downloading potentially malicious files.

Description

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.

Exploits (1)

exploitdb SUSPICIOUS

localwindows

https://www.exploit-db.com/exploits/5287

View Code ZIP pw:eip

The provided entry is a placeholder with no actual exploit code, only a link to an external download (GitLab). This matches the pattern of suspicious repos that lure researchers into downloading potentially malicious files.

Classification

Suspicious 90%

Attack Type

Other

Complexity

N/a

Reliability

Theoretical

Target: Microsoft Office Excel (MS08-014)

No auth needed

Prerequisites: N/A

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (11)

Core 11

Core References

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1019200

Broken Link vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39699

Broken Link, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA08-071A.html

Broken Link, Patch, Vendor Advisory vendor-advisory x_refsource_mskb

http://www.microsoft.com/technet/security/advisory/947563.mspx

Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27305

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=120585858807305&w=2

Broken Link, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0146

Broken Link, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0846/references

Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28506

Scores

CVSS v3 9.8

EPSS 0.8177

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2008-10-01

CWE

CWE-908

Status published

Products (5)

microsoft/excel 2000 sp3

microsoft/excel 2002 sp3

microsoft/excel 2003 sp2

microsoft/excel_viewer 2003

microsoft/office 2004

Published Jan 16, 2008

Tracked Since Feb 18, 2026