CVE-2008-3471

Microsoft Excel <2007 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45579
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-068/
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=122479227205998&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021044
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2808
Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31705
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45581
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32211

Scores

EPSS 0.5232
EPSS Percentile 98.8%

Details

CWE
CWE-787
Status published
Products (8)
microsoft/excel 2003 sp2 (2 CPE variants)
microsoft/excel 2007 (2 CPE variants)
microsoft/excel_viewer
microsoft/excel_viewer 2003 (2 CPE variants)
microsoft/office 2004
microsoft/office 2008
microsoft/office_compatibility_pack 2007 (2 CPE variants)
microsoft/open_xml_file_format_converter
Published Oct 15, 2008
Tracked Since Feb 18, 2026