CVE-2008-3003

Severity Score

6.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."

Office Excel 2007 de Microsoft Gold y SP1, no elimina apropiadamente la cadena PWD (contraseña) del archivo connections.xml cuando se configura un archivo .xlsx para no guardar la contraseña de sesión de datos remota, lo que permite a los usuarios locales obtener información confidencial y obtener acceso a una fuente de datos remota, también se conoce como la "Excel Credential Caching Vulnerability".

*Credits: N/A

CVSS Scores

NISTv2 6.6

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-07-07 CVE Reserved
2008-08-12 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/bid/30641	Vdb Entry
http://www.securitytracker.com/id?1020669	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA08-225A.html	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5951	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://marc.info/?l=bugtraq&m=121915960406986&w=2	2018-10-12
http://secunia.com/advisories/31454	2018-10-12
http://www.vupen.com/english/advisories/2008/2347	2018-10-12
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043	2018-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2007 Search vendor "Microsoft" for product "Office" and version "2007"		-		Affected
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2007 Search vendor "Microsoft" for product "Office" and version "2007"		gold		Affected
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2007 Search vendor "Microsoft" for product "Office" and version "2007"		sp1		Affected