CVE-2008-0113

Microsoft Excel Viewer - Code Injection

Title source: rule

Description

Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."

Exploits (1)

exploitdb SUSPICIOUS

localwindows

https://www.exploit-db.com/exploits/5320

View Code ZIP pw:eip

References (9)

[Mailing List] http://marc.info/?l=bugtraq&m=120585858807305&w=2

[Vendor Advisory] http://secunia.com/advisories/29321

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA08-071A.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2008/0848/references

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5421

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489415/100/0/threaded

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-016

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-08-008

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019578

Scores

EPSS 0.6652

EPSS Percentile 98.5%

Details

CWE

CWE-94

Status published

Products (1)

microsoft/excel_viewer 2003

Published Mar 11, 2008

Tracked Since Feb 18, 2026