CVE-2010-0258
Description
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka Microsoft Office Excel Sheet Object Type Confusion Vulnerability.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
71.44
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Microsoft Excel 2002 (KB978471) | Windows |
| Security Update for Microsoft Office Excel 2003 (KB978474) | Windows |
| Security Update for Microsoft Office Excel 2007 (KB978382) x86 based systems | Windows |
| Security Update for Microsoft Office Excel 2007 (KB978382) x86 based systems for SP2 | Windows |
| Security Update for Microsoft Office Excel Viewer (KB978383) | Windows |
| Security Update for the 2007 Microsoft Office System (KB978380) x86 based systems | Windows |
| Security Update for the 2007 Microsoft Office System (KB978380) x86 based systems for SP2 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-8233 | Security Update for Microsoft Office Excel 2007 (KB978382) |
| PATCH-8234 | Security Update for Microsoft Office Excel 2007 (KB978382) |
| PATCH-8235 | Security Update for Microsoft Office Excel Viewer (KB978383) |
| PATCH-8236 | Security Update for the 2007 Microsoft Office System (KB978380) |
| PATCH-8237 | Security Update for the 2007 Microsoft Office System (KB978380) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234