CVE-2008-3471
Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 y SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac no asigna memoria adecuadamente cuando carga objetos Excel durante el análisis del formato de fichero de la hoja de cálculo Excel, lo cual permite a atacantes remotos ejecutar código de su elección a través de ficheros BIFF manipulados, también conocido como "Vulnerabilidad de Análisis de Formato de Fichero".
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the victim to open the malformed BIFF (.xls) document.
The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed record, user-supplied data is copied into a stack-based buffer using a size that is calculated using contents from the record.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-08-04 CVE Reserved
- 2008-10-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id?1021044 | Third Party Advisory | |
| http://www.us-cert.gov/cas/techalerts/TA08-288A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/2808 | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-068 | Third Party Advisory |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45579 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/32211 | 2022-02-09 | |
| http://www.securityfocus.com/bid/31705 | 2022-02-09 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 | 2022-02-09 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=122479227205998&w=2 | 2022-02-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2003 Search vendor "Microsoft" for product "Excel" and version "2003" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2003 Search vendor "Microsoft" for product "Excel" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2007 Search vendor "Microsoft" for product "Excel" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2007 Search vendor "Microsoft" for product "Excel" and version "2007" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Viewer Search vendor "Microsoft" for product "Excel Viewer" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Viewer Search vendor "Microsoft" for product "Excel Viewer" | 2003 Search vendor "Microsoft" for product "Excel Viewer" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Viewer Search vendor "Microsoft" for product "Excel Viewer" | 2003 Search vendor "Microsoft" for product "Excel Viewer" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2004 Search vendor "Microsoft" for product "Office" and version "2004" | macos |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2008 Search vendor "Microsoft" for product "Office" and version "2008" | macos |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack Search vendor "Microsoft" for product "Office Compatibility Pack" | 2007 Search vendor "Microsoft" for product "Office Compatibility Pack" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack Search vendor "Microsoft" for product "Office Compatibility Pack" | 2007 Search vendor "Microsoft" for product "Office Compatibility Pack" and version "2007" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Open Xml File Format Converter Search vendor "Microsoft" for product "Open Xml File Format Converter" | - | macos |
Affected
| ||||||