RCE in Microsoft Excel

CVE-2010-0264

Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.566 (98.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel — versions 2007, 2003, 2002
Microsoft Office — versions 2004, 2008
Microsoft Office_compatibility_pack — versions 2007
Microsoft Office_excel_viewer
Microsoft Office_sharepoint_server — versions 2007
Microsoft Open_xml_file_format_converter
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

1023698 (vdb-entry, x_refsource_SECTRACK)
TA10-068A (US Government Resource, x_refsource_CERT, third-party-advisory)
MS10-017 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:7888 (signature, x_refsource_OVAL, vdb-entry)