CVE-2007-0215
Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
Un desbordamiento de búfer en la región stack de la memoria en Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 y 2003 Viewer permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo BIFF .XLS con un registro de gráfico con nombre inapropiado, lo que resulta en corrupción de memoria.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.
The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed Named Graph record, user-supplied data may be copied to the stack unchecked thereby leading to an exploitable stack-based buffer overflow.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-01-12 CVE Reserved
- 2007-05-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/25150 | Third Party Advisory | |
http://www.osvdb.org/34393 | Vdb Entry | |
http://www.securityfocus.com/archive/1/467988/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/23760 | Vdb Entry | |
http://www.securitytracker.com/id?1018012 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA07-128A.html | Third Party Advisory | |
http://www.vupen.com/english/advisories/2007/1708 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/33913 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1971 | Signature |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.zerodayinitiative.com/advisories/ZDI-07-026.html | 2018-10-16 |
URL | Date | SRC |
---|---|---|
http://www.securityfocus.com/archive/1/468871/100/200/threaded | 2018-10-16 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-023 | 2018-10-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2000 Search vendor "Microsoft" for product "Excel" and version "2000" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2002 Search vendor "Microsoft" for product "Excel" and version "2002" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2003 Search vendor "Microsoft" for product "Excel" and version "2003" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2007 Search vendor "Microsoft" for product "Excel" and version "2007" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Excel Viewer Search vendor "Microsoft" for product "Excel Viewer" | 2003 Search vendor "Microsoft" for product "Excel Viewer" and version "2003" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2000 Search vendor "Microsoft" for product "Office" and version "2000" | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2004 Search vendor "Microsoft" for product "Office" and version "2004" | mac |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | xp Search vendor "Microsoft" for product "Office" and version "xp" | sp3 |
Affected
|