FKIE_CVE-2008-3005

Vulnerability from fkie_nvd - Published: 2008-08-12 23:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
References
secure@microsoft.comhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=121915960406986&w=2
secure@microsoft.comhttp://secunia.com/advisories/31454Vendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/bid/30639
secure@microsoft.comhttp://www.securitytracker.com/id?1020671
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-225A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2347Vendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=121915960406986&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31454Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/30639
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020671
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-225A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2347Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837
Impacted products
Vendor Product Version
microsoft office 2000
microsoft office xp
microsoft office 2004
microsoft office 2008
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the \"Excel Index Array Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad del \u00edndice de matriz en Microsoft Office Excel 2000 SP3 y 2002 SP3, y Office 2004 y 2008 para Mac permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de Excel con un \u00edndice de matriz creado para un registro FORMAT, tambi\u00e9n se conoce como \"Excel Index Array Vulnerability.\""
    }
  ],
  "id": "CVE-2008-3005",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-08-12T23:41:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31454"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/30639"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1020671"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2347"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2347"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.