cvelistv5 - cve-2007-0030

CVE-2007-0030 (GCVE-0-2007-0030)

Vulnerability from cvelistv5 – Published: 2007-01-09 23:00 – Updated: 2024-08-07 12:03

Summary

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.us-cert.gov/cas/techalerts/TA07-009A.html	third-party-advisoryx_refsource_CERT
	http://www.osvdb.org/31257	vdb-entryx_refsource_OSVDB
	http://securitytracker.com/id?1017487	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/457274/100…	vendor-advisoryx_refsource_HP
	http://www.kb.cert.org/vuls/id/302836	third-party-advisoryx_refsource_CERT-VN
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://www.vupen.com/english/advisories/2007/0103	vdb-entryx_refsource_VUPEN
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/archive/1/457274/100…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/bid/21925	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:36.852Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA07-009A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
          },
          {
            "name": "31257",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31257"
          },
          {
            "name": "1017487",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017487"
          },
          {
            "name": "oval:org.mitre.oval:def:323",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
          },
          {
            "name": "HPSBST02184",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "VU#302836",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/302836"
          },
          {
            "name": "20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
          },
          {
            "name": "ADV-2007-0103",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0103"
          },
          {
            "name": "MS07-002",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
          },
          {
            "name": "SSRT071296",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "21925",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21925"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA07-009A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
        },
        {
          "name": "31257",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31257"
        },
        {
          "name": "1017487",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017487"
        },
        {
          "name": "oval:org.mitre.oval:def:323",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
        },
        {
          "name": "HPSBST02184",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
        },
        {
          "name": "VU#302836",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/302836"
        },
        {
          "name": "20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
        },
        {
          "name": "ADV-2007-0103",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0103"
        },
        {
          "name": "MS07-002",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
        },
        {
          "name": "SSRT071296",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
        },
        {
          "name": "21925",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21925"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0030",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA07-009A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
            },
            {
              "name": "31257",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31257"
            },
            {
              "name": "1017487",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017487"
            },
            {
              "name": "oval:org.mitre.oval:def:323",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
            },
            {
              "name": "HPSBST02184",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
            },
            {
              "name": "VU#302836",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/302836"
            },
            {
              "name": "20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
            },
            {
              "name": "ADV-2007-0103",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0103"
            },
            {
              "name": "MS07-002",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
            },
            {
              "name": "SSRT071296",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
            },
            {
              "name": "21925",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21925"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-0030",
    "datePublished": "2007-01-09T23:00:00",
    "dateReserved": "2007-01-03T00:00:00",
    "dateUpdated": "2024-08-07T12:03:36.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F55D42D5-7371-47C2-BF55-B7F51C19B61E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"4891122F-AD7F-45E6-98C6-833227916F6B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"082D3262-87E3-4245-AD9C-02BE0871FA3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"79BA1175-7F02-4435-AEA6-1BA8AADEB7EF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F79E0AB-7081-4F97-BFE4-9AF84F643B9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"07D3F3E4-93FB-481A-94D9-075E726697C4\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDB0020C-A804-4003-B411-1AC7A6E7193E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F98B6FDD-E9AA-49A4-8D9C-422DF5520A66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB8E7A05-97EE-40A4-A410-B2DE582AA381\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"1A57804E-CD79-4431-AA97-0F85C2CE20C1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.\"}, {\"lang\": \"es\", \"value\": \"Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 para Mac, y v.X para Mac permiten a atacantes remotos con intervenci\\u00f3n del usuario ejecutar c\\u00f3digo de su elecci\\u00f3n mediante un archivo Excel con un campo Columna fuera de rango en determinados tipos de registros BIFF8, lo que referencia a memoria de su elecci\\u00f3n.\"}]",
      "id": "CVE-2007-0030",
      "lastModified": "2024-11-21T00:24:48.633",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-01-09T23:28:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017487\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/302836\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/31257\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457274/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457274/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/21925\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-009A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0103\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/302836\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/31257\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457274/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457274/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/21925\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-009A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0103\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0030\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-01-09T23:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.\"},{\"lang\":\"es\",\"value\":\"Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 para Mac, y v.X para Mac permiten a atacantes remotos con intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo Excel con un campo Columna fuera de rango en determinados tipos de registros BIFF8, lo que referencia a memoria de su elecci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F55D42D5-7371-47C2-BF55-B7F51C19B61E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4891122F-AD7F-45E6-98C6-833227916F6B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"082D3262-87E3-4245-AD9C-02BE0871FA3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"79BA1175-7F02-4435-AEA6-1BA8AADEB7EF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F79E0AB-7081-4F97-BFE4-9AF84F643B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"07D3F3E4-93FB-481A-94D9-075E726697C4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDB0020C-A804-4003-B411-1AC7A6E7193E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F98B6FDD-E9AA-49A4-8D9C-422DF5520A66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB8E7A05-97EE-40A4-A410-B2DE582AA381\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"1A57804E-CD79-4431-AA97-0F85C2CE20C1\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017487\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/302836\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/31257\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/457274/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/457274/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/21925\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-009A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0103\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/302836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/31257\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/457274/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/457274/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/21925\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-009A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-H2W5-9M4X-7RXF

Vulnerability from github – Published: 2022-05-01 17:41 – Updated: 2022-05-01 17:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0030"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-09T23:28:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.",
  "id": "GHSA-h2w5-9m4x-7rxf",
  "modified": "2022-05-01T17:41:23Z",
  "published": "2022-05-01T17:41:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0030"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017487"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/302836"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/31257"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21925"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0103"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2007-AVI-016

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités d'Excel permettent à un utilisateur malveillant d'exécuter un code arbitraire à distance.

Description

Plusieurs vulnérabilités affectent Excel :

le traitement défectueux des fichiers contenant un enregistrement IMDATA mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
le traitement défectueux des fichiers contenant un enregistrement COLUMN mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
le traitement défectueux des fichiers contenant un enregistrement PALETTE mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
le traitement défectueux des fichiers contenant une chaîne de caratères mal formée permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
le traitement défectueux des fichiers contenant un enregistrement mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;

Un attaquant peut exploiter ces vulnérabilités à distance en expédiant un courriel contenant un fichier spécialement conçu ou en incitant l'utilisateur à télécharger un tel fichier sur un site web.

Si l'utilisateur qui exécute le logiciel vulnérable est connecté sous une session d'administrateur, l'attaquant peut prendre le contrôle total de la machine.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Excel Viewer 2003 ;
Microsoft	N/A	Microsoft Excel 2000, 2002, 2003 ;
Microsoft	N/A	Microsoft Works Suite 2004 et 2005 ;
Microsoft	Office	Microsoft Office 2004 et v. X pour Mac.

References

Title

Publication Time

Tags

Bulletin Microsoft MS07-002	None	vendor-advisory
Bulletin de sécurité Microsoft MS07-002 du 09 janvier 2007 :	-	other
Bulletin de sécurité Microsoft MS07-002 du 09 janvier 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Excel Viewer 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2000, 2002, 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works Suite 2004 et 2005 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 et v. X pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent Excel :\n\n-   le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n    IMDATA mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un\n    code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n    l\u0027utilisateur ;\n-   le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n    COLUMN mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un\n    code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n    l\u0027utilisateur ;\n-   le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n    PALETTE mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un\n    code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n    l\u0027utilisateur ;\n-   le traitement d\u00e9fectueux des fichiers contenant une cha\u00eene de\n    carat\u00e8res mal form\u00e9e permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\n    un code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n    l\u0027utilisateur ;\n-   le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n    mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un code\n    arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n    l\u0027utilisateur ;\n\nUn attaquant peut exploiter ces vuln\u00e9rabilit\u00e9s \u00e0 distance en exp\u00e9diant\nun courriel contenant un fichier sp\u00e9cialement con\u00e7u ou en incitant\nl\u0027utilisateur \u00e0 t\u00e9l\u00e9charger un tel fichier sur un site web.\n\nSi l\u0027utilisateur qui ex\u00e9cute le logiciel vuln\u00e9rable est connect\u00e9 sous\nune session d\u0027administrateur, l\u0027attaquant peut prendre le contr\u00f4le total\nde la machine.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0030"
    },
    {
      "name": "CVE-2007-0029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0029"
    },
    {
      "name": "CVE-2007-0028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0028"
    },
    {
      "name": "CVE-2007-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0031"
    },
    {
      "name": "CVE-2007-0027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0027"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-002 du 09 janvier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-002 du 09 janvier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-002.mspx"
    }
  ],
  "reference": "CERTA-2007-AVI-016",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u0027\u003cspan class=\"textit\"\u003eExcel\u003c/span\u003e permettent\n\u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Microsoft MS07-002",
      "url": null
    }
  ]
}

CERTA-2007-AVI-016

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités d'Excel permettent à un utilisateur malveillant d'exécuter un code arbitraire à distance.

Description

Plusieurs vulnérabilités affectent Excel :

le traitement défectueux des fichiers contenant un enregistrement IMDATA mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
le traitement défectueux des fichiers contenant un enregistrement COLUMN mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
le traitement défectueux des fichiers contenant un enregistrement PALETTE mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
le traitement défectueux des fichiers contenant une chaîne de caratères mal formée permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
le traitement défectueux des fichiers contenant un enregistrement mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;

Si l'utilisateur qui exécute le logiciel vulnérable est connecté sous une session d'administrateur, l'attaquant peut prendre le contrôle total de la machine.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Excel Viewer 2003 ;
Microsoft	N/A	Microsoft Excel 2000, 2002, 2003 ;
Microsoft	N/A	Microsoft Works Suite 2004 et 2005 ;
Microsoft	Office	Microsoft Office 2004 et v. X pour Mac.

References

Title

Publication Time

Tags

Bulletin Microsoft MS07-002	None	vendor-advisory
Bulletin de sécurité Microsoft MS07-002 du 09 janvier 2007 :	-	other
Bulletin de sécurité Microsoft MS07-002 du 09 janvier 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Excel Viewer 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2000, 2002, 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works Suite 2004 et 2005 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 et v. X pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent Excel :\n\n-   le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n    IMDATA mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un\n    code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n    l\u0027utilisateur ;\n-   le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n    COLUMN mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un\n    code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n    l\u0027utilisateur ;\n-   le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n    PALETTE mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un\n    code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n    l\u0027utilisateur ;\n-   le traitement d\u00e9fectueux des fichiers contenant une cha\u00eene de\n    carat\u00e8res mal form\u00e9e permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\n    un code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n    l\u0027utilisateur ;\n-   le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n    mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un code\n    arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n    l\u0027utilisateur ;\n\nUn attaquant peut exploiter ces vuln\u00e9rabilit\u00e9s \u00e0 distance en exp\u00e9diant\nun courriel contenant un fichier sp\u00e9cialement con\u00e7u ou en incitant\nl\u0027utilisateur \u00e0 t\u00e9l\u00e9charger un tel fichier sur un site web.\n\nSi l\u0027utilisateur qui ex\u00e9cute le logiciel vuln\u00e9rable est connect\u00e9 sous\nune session d\u0027administrateur, l\u0027attaquant peut prendre le contr\u00f4le total\nde la machine.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0030"
    },
    {
      "name": "CVE-2007-0029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0029"
    },
    {
      "name": "CVE-2007-0028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0028"
    },
    {
      "name": "CVE-2007-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0031"
    },
    {
      "name": "CVE-2007-0027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0027"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-002 du 09 janvier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-002 du 09 janvier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-002.mspx"
    }
  ],
  "reference": "CERTA-2007-AVI-016",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u0027\u003cspan class=\"textit\"\u003eExcel\u003c/span\u003e permettent\n\u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Microsoft MS07-002",
      "url": null
    }
  ]
}

GSD-2007-0030

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0030

Aliases

CVE-2007-0030

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0030",
    "description": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.",
    "id": "GSD-2007-0030"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0030"
      ],
      "details": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.",
      "id": "GSD-2007-0030",
      "modified": "2023-12-13T01:21:35.560112Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-0030",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "TA07-009A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
          },
          {
            "name": "31257",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/31257"
          },
          {
            "name": "1017487",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017487"
          },
          {
            "name": "oval:org.mitre.oval:def:323",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
          },
          {
            "name": "HPSBST02184",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "VU#302836",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/302836"
          },
          {
            "name": "20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
          },
          {
            "name": "ADV-2007-0103",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0103"
          },
          {
            "name": "MS07-002",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
          },
          {
            "name": "SSRT071296",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "21925",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/21925"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0030"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
            },
            {
              "name": "VU#302836",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/302836"
            },
            {
              "name": "21925",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/21925"
            },
            {
              "name": "1017487",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017487"
            },
            {
              "name": "TA07-009A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
            },
            {
              "name": "31257",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/31257"
            },
            {
              "name": "ADV-2007-0103",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0103"
            },
            {
              "name": "oval:org.mitre.oval:def:323",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
            },
            {
              "name": "MS07-002",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
            },
            {
              "name": "HPSBST02184",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:30Z",
      "publishedDate": "2007-01-09T23:28Z"
    }
  }
}

FKIE_CVE-2007-0030

Vulnerability from fkie_nvd - Published: 2007-01-09 23:28 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460	Patch, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1017487
secure@microsoft.com	http://www.kb.cert.org/vuls/id/302836	US Government Resource
secure@microsoft.com	http://www.osvdb.org/31257
secure@microsoft.com	http://www.securityfocus.com/archive/1/457274/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/21925
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-009A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/0103
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017487
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/302836	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/31257
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/457274/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21925
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-009A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0103
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323

Impacted products

Vendor	Product	Version
microsoft	excel	2000
microsoft	office	2000
microsoft	excel	2002
microsoft	office	xp
microsoft	excel	2003
microsoft	office	2003
microsoft	excel_viewer	2003
microsoft	works	2004
microsoft	works	2005
microsoft	office	2004
microsoft	office	v.x

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "F55D42D5-7371-47C2-BF55-B7F51C19B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98B6FDD-E9AA-49A4-8D9C-422DF5520A66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB8E7A05-97EE-40A4-A410-B2DE582AA381",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*",
              "matchCriteriaId": "1A57804E-CD79-4431-AA97-0F85C2CE20C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory."
    },
    {
      "lang": "es",
      "value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 para Mac, y v.X para Mac permiten a atacantes remotos con intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo Excel con un campo Columna fuera de rango en determinados tipos de registros BIFF8, lo que referencia a memoria de su elecci\u00f3n."
    }
  ],
  "id": "CVE-2007-0030",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-01-09T23:28:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1017487"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/302836"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.osvdb.org/31257"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/21925"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/0103"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/302836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/31257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0030 (GCVE-0-2007-0030)

GHSA-H2W5-9M4X-7RXF

CERTA-2007-AVI-016

Description

Solution

CERTA-2007-AVI-016

Description

Solution

GSD-2007-0030

FKIE_CVE-2007-0030

Tags

Sightings

Nomenclature