Description
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."
References (5)
Core 5
Core References
Broken Link third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-068A.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1023698
Scores
CVSS v3
7.8
EPSS
0.7144
EPSS Percentile
98.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-843
Status
published
Products (9)
microsoft/excel
2002 sp3
microsoft/excel
2003 sp3
microsoft/excel
2007 sp1 (2 CPE variants)
microsoft/office
2004
microsoft/office
2008
microsoft/office_compatibility_pack
2007 sp1 (2 CPE variants)
microsoft/office_excel_viewer
(2 CPE variants)
microsoft/office_sharepoint_server
2007 sp1 (2 CPE variants)
microsoft/open_xml_file_format_converter
Published
Mar 10, 2010
Tracked Since
Feb 18, 2026