What is CVE-2010-0822?

CVE-2010-0822 is a vulnerability in Microsoft Excel, classified under Code Injection. Published 2010-06-08.

Is CVE-2010-0822 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Microsoft Excel

CVE-2010-0822

Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.804 (99.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel — versions 2002
Microsoft Office — versions 2004, 2008
Microsoft Open_xml_file_format_converter
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20100608 VUPEN Security Research - Microsoft Office Excel OBJ Stack Overflow Vulnerability (CVE-2010-0822) (mailing-list, x_refsource_BUGTRAQ)
oval:org.mitre.oval:def:7265 (x_refsource_OVAL, signature, vdb-entry)
MS10-038 (x_refsource_MS, vendor-advisory)
40520 (vdb-entry, x_refsource_BID)
65236 (x_refsource_OSVDB, vdb-entry)
TA10-159B (US Government Resource, x_refsource_CERT, third-party-advisory)

Frequently asked questions

What is CVE-2010-0822?: CVE-2010-0822 is a vulnerability in Microsoft Excel, classified under Code Injection. Published 2010-06-08.
Is CVE-2010-0822 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.