CVE-2010-1249

HIGH

Description

Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.

References

http://osvdb.org/65232

http://www.securityfocus.com/archive/1/511767/100/0/threaded

http://www.securityfocus.com/bid/40527

http://www.us-cert.gov/cas/techalerts/TA10-159B.html

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6634

Details

Source: MITRE

Published: 2010-06-08

Updated: 2018-10-12

Type: CWE-94

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (2 total)

IDNameProductFamilySeverity
50066MS10-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2027452) (Mac OS X)NessusMacOS X Local Security Checks
high
46845MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)NessusWindows : Microsoft Bulletins
high