Buffer overflow in Microsoft Excel

CVE-2010-0261

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet i…

Vulnerability class: Buffer Overflow

EPSS: 0.655 (98.5th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel — versions 2007, 2003, 2002
Microsoft Office — versions 2004, 2008
Microsoft Office_compatibility_pack — versions 2007
Microsoft Office_excel_viewer
Microsoft Office_sharepoint_server — versions 2007
Microsoft Open_xml_file_format_converter
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20100309 Microsoft Excel MDXSET Record Heap Overflow Vulnerability (x_refsource_IDEFENSE, third-party-advisory)
1023698 (vdb-entry, x_refsource_SECTRACK)
TA10-068A (US Government Resource, x_refsource_CERT, third-party-advisory)
MS10-017 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:8479 (signature, x_refsource_OVAL, vdb-entry)