RCE in Microsoft Excel

CVE-2010-1249

Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23)…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.649 (98.5th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel — versions 2002
Microsoft Office — versions 2004, 2008
Microsoft Open_xml_file_format_converter
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

40527 (vdb-entry, x_refsource_BID)
20100608 VUPEN Security Research - Microsoft Office Excel ExternName Buffer Overflow Vulnerability (CVE-2010-1249) (mailing-list, x_refsource_BUGTRAQ)
65232 (x_refsource_OSVDB, vdb-entry)
MS10-038 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:6634 (x_refsource_OVAL, signature, vdb-entry)
TA10-159B (US Government Resource, x_refsource_CERT, third-party-advisory)