CVE-2008-4019

Properties

Published:
13.10.2008
Updated:
23.10.2008
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Product:
microsoft: office_sharepoint_server
microsoft: office_sharepoint_server
microsoft: office_sharepoint_server
microsoft: office_sharepoint_server
microsoft: office
microsoft: office
microsoft: office
microsoft: office
microsoft: office

Vulnerability description

Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability."

References:

XF: http://xforce.iss.net/xforce/xfdb/45581
XF: http://xforce.iss.net/xforce/xfdb/45580
SECTRACK: http://www.securitytracker.com/id?1021044
BID: http://www.securityfocus.com/bid/31706
MS: http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx
FRSIRT: http://www.frsirt.com/english/advisories/2008/2808
SECUNIA: http://secunia.com/advisories/32211