RCE in Microsoft Excel

CVE-2010-1250

Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.624 (98.4th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel — versions 2002
Microsoft Office — versions 2004, 2008
Microsoft Open_xml_file_format_converter
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

20100608 VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability (CVE-2010-1250) (mailing-list, x_refsource_BUGTRAQ)
MS10-038 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:7593 (x_refsource_OVAL, signature, vdb-entry)
TA10-159B (US Government Resource, x_refsource_CERT, third-party-advisory)
40528 (vdb-entry, x_refsource_BID)