cvelistv5 - cve-2008-0111

CVE-2008-0111 (GCVE-0-2008-0111)

Vulnerability from cvelistv5 – Published: 2008-03-11 23:00 – Updated: 2024-08-07 07:32

Summary

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/28094	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.us-cert.gov/cas/techalerts/TA08-071A.html	third-party-advisoryx_refsource_CERT
	http://www.securitytracker.com/id?1019582	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://marc.info/?l=bugtraq&m=120585858807305&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=120585858807305&w=2	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2008/0846…	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.817Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28094",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28094"
          },
          {
            "name": "oval:org.mitre.oval:def:5114",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114"
          },
          {
            "name": "TA08-071A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
          },
          {
            "name": "1019582",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019582"
          },
          {
            "name": "MS08-014",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
          },
          {
            "name": "SSRT080028",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "name": "HPSBST02320",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "name": "ADV-2008-0846",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0846/references"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \"Excel Data Validation Record Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "28094",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28094"
        },
        {
          "name": "oval:org.mitre.oval:def:5114",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114"
        },
        {
          "name": "TA08-071A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
        },
        {
          "name": "1019582",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019582"
        },
        {
          "name": "MS08-014",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
        },
        {
          "name": "SSRT080028",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
        },
        {
          "name": "HPSBST02320",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
        },
        {
          "name": "ADV-2008-0846",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0846/references"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-0111",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \"Excel Data Validation Record Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28094",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28094"
            },
            {
              "name": "oval:org.mitre.oval:def:5114",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114"
            },
            {
              "name": "TA08-071A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
            },
            {
              "name": "1019582",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019582"
            },
            {
              "name": "MS08-014",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
            },
            {
              "name": "SSRT080028",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
            },
            {
              "name": "HPSBST02320",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
            },
            {
              "name": "ADV-2008-0846",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0846/references"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-0111",
    "datePublished": "2008-03-11T23:00:00",
    "dateReserved": "2008-01-07T00:00:00",
    "dateUpdated": "2024-08-07T07:32:23.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"439B26BA-376C-4D6B-B7BA-B66B8BDA8E37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"896E23B1-AB34-43FF-96F3-BA6ED7F162AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A07483B7-E30C-43F3-B54B-2864BE9AD704\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDB0020C-A804-4003-B411-1AC7A6E7193E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"828219FA-E694-46DA-93B0-BE2EC5BBF61E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD97FF64-64A5-467C-B352-45B89B4A6536\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \\\"Excel Data Validation Record Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 a 2007, Viewer 2003, Compatibility Pack, y Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar c\\u00f3digo de su elecci\\u00f3n mediante registros de validaci\\u00f3n de datos manipulados, tambi\\u00e9n conocido como \\\"Vulnerabilidad de Registro de Validaci\\u00f3n de Datos en Excel.\\\"\"}]",
      "id": "CVE-2008-0111",
      "lastModified": "2024-11-21T00:41:11.583",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-03-11T23:44:00.000",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/28094\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019582\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-071A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0846/references\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019582\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-071A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0846/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}, {\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0111\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2008-03-11T23:44:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \\\"Excel Data Validation Record Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 a 2007, Viewer 2003, Compatibility Pack, y Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante registros de validaci\u00f3n de datos manipulados, tambi\u00e9n conocido como \\\"Vulnerabilidad de Registro de Validaci\u00f3n de Datos en Excel.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"},{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"439B26BA-376C-4D6B-B7BA-B66B8BDA8E37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"896E23B1-AB34-43FF-96F3-BA6ED7F162AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A07483B7-E30C-43F3-B54B-2864BE9AD704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDB0020C-A804-4003-B411-1AC7A6E7193E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"828219FA-E694-46DA-93B0-BE2EC5BBF61E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD97FF64-64A5-467C-B352-45B89B4A6536\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/28094\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019582\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-071A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0846/references\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019582\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-071A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0846/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-0111

Vulnerability from fkie_nvd - Published: 2008-03-11 23:44 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://marc.info/?l=bugtraq&m=120585858807305&w=2
secure@microsoft.com	http://www.securityfocus.com/bid/28094	Patch
secure@microsoft.com	http://www.securitytracker.com/id?1019582
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA08-071A.html	Patch, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/0846/references
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=120585858807305&w=2
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28094	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019582
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-071A.html	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0846/references
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114

Impacted products

Vendor	Product	Version
microsoft	excel	2000
microsoft	excel	2002
microsoft	excel	2003
microsoft	excel_viewer	2003
microsoft	office	2004
microsoft	office	2007
microsoft	office_compatibility_pack_for_word_excel_ppt_2007	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "439B26BA-376C-4D6B-B7BA-B66B8BDA8E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A07483B7-E30C-43F3-B54B-2864BE9AD704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \"Excel Data Validation Record Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 a 2007, Viewer 2003, Compatibility Pack, y Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante registros de validaci\u00f3n de datos manipulados, tambi\u00e9n conocido como \"Vulnerabilidad de Registro de Validaci\u00f3n de Datos en Excel.\""
    }
  ],
  "id": "CVE-2008-0111",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-11T23:44:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28094"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1019582"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-AVI-125

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans l'application Microsoft Excel. L'une d'elles a fait l'objet en janvier 2008 de l'alerte CERTA-2008-ALE-003. Elles permettraient à une personne malveillante les exploitant via un fichier Excel spécialement construit d'exécuter des commandes arbitraires sur le système vulnérable sur lequel le document serait ouvert.

Description

Plusieurs vulnérabilités ont été identifiées dans l'application de bureautique Microsoft Excel.

l'application ne manipulerait pas convenablement les macros à l'ouverture de fichiers Excel. Cette vulnérabilité a fait l'objet de l'alerte CERTA-2008-ALE-003 ;
l'application ne contrôlerait pas correctement les données des fichiers Excel lorsqu'ils sont chargés en mémoire ;
l'application ne vérifierait pas correctement les données de fichiers qui sont importés ;
l'application ne manipulerait pas correctement des informations liées à un enregistrement STYLE à l'ouverture d'un fichier ;
l'application ne validerait pas correctement des valeurs pour la mise en forme conditionnelle.

L'exploitation de ces vulnérabilités permettrait à une personne malveillante d'exécuter des commandes arbitraires sur le système vulnérable sur lequel un document spécifiquement construit serait ouvert.

Des codes d'exploitation concernant certaines de ces vulnérabilités circulent actuellement sur l'Internet.

Solution

Se référer au bulletin de sécurité MS08-014 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office XP Service Pack 3 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 2 ;
Microsoft	Office	Pack de Compatibilité Microsoft Office pour les formats de fichiers Word, Excel et PowerPoint 2007 ;
Microsoft	Office	Microsoft Office 2008 pour Mac.
Microsoft	Office	Microsoft Office 2000 Service Pack 3 ;
Microsoft	Office	Microsoft Office Excel Viewer 2003 ;
Microsoft	Office	Microsoft Office 2007 ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS08-014 du 11 mars 2008	None	vendor-advisory
Document du CERTA CERTA-2008-ALE-003 du 16 mars 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Pack de Compatibilit\u00e9 Microsoft Office pour les formats de fichiers Word, Excel et PowerPoint 2007 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2007 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans l\u0027application de\nbureautique Microsoft Excel.\n\n-   l\u0027application ne manipulerait pas convenablement les macros \u00e0\n    l\u0027ouverture de fichiers Excel. Cette vuln\u00e9rabilit\u00e9 a fait l\u0027objet de\n    l\u0027alerte CERTA-2008-ALE-003 ;\n-   l\u0027application ne contr\u00f4lerait pas correctement les donn\u00e9es des\n    fichiers Excel lorsqu\u0027ils sont charg\u00e9s en m\u00e9moire ;\n-   l\u0027application ne v\u00e9rifierait pas correctement les donn\u00e9es de\n    fichiers qui sont import\u00e9s ;\n-   l\u0027application ne manipulerait pas correctement des informations\n    li\u00e9es \u00e0 un enregistrement STYLE \u00e0 l\u0027ouverture d\u0027un fichier ;\n-   l\u0027application ne validerait pas correctement des valeurs pour la\n    mise en forme conditionnelle.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permettrait \u00e0 une personne\nmalveillante d\u0027ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me\nvuln\u00e9rable sur lequel un document sp\u00e9cifiquement construit serait\nouvert.\n\nDes codes d\u0027exploitation concernant certaines de ces vuln\u00e9rabilit\u00e9s\ncirculent actuellement sur l\u0027Internet.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-014 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0081"
    },
    {
      "name": "CVE-2008-0112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0112"
    },
    {
      "name": "CVE-2008-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0115"
    },
    {
      "name": "CVE-2008-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0117"
    },
    {
      "name": "CVE-2008-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0114"
    },
    {
      "name": "CVE-2008-0116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0116"
    },
    {
      "name": "CVE-2008-0111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0111"
    }
  ],
  "links": [
    {
      "title": "Document du CERTA CERTA-2008-ALE-003 du 16 mars 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-003/index.html"
    }
  ],
  "reference": "CERTA-2008-AVI-125",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans l\u0027application\nMicrosoft Excel. L\u0027une d\u0027elles a fait l\u0027objet en janvier 2008 de\nl\u0027alerte CERTA-2008-ALE-003. Elles permettraient \u00e0 une personne\nmalveillante les exploitant via un fichier Excel sp\u00e9cialement construit\nd\u0027ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me vuln\u00e9rable sur\nlequel le document serait ouvert.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-014 du 11 mars 2008",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx"
    }
  ]
}

CERTA-2008-AVI-125

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été identifiées dans l'application de bureautique Microsoft Excel.

l'application ne manipulerait pas convenablement les macros à l'ouverture de fichiers Excel. Cette vulnérabilité a fait l'objet de l'alerte CERTA-2008-ALE-003 ;
l'application ne contrôlerait pas correctement les données des fichiers Excel lorsqu'ils sont chargés en mémoire ;
l'application ne vérifierait pas correctement les données de fichiers qui sont importés ;
l'application ne manipulerait pas correctement des informations liées à un enregistrement STYLE à l'ouverture d'un fichier ;
l'application ne validerait pas correctement des valeurs pour la mise en forme conditionnelle.

Des codes d'exploitation concernant certaines de ces vulnérabilités circulent actuellement sur l'Internet.

Solution

Se référer au bulletin de sécurité MS08-014 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office XP Service Pack 3 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 2 ;
Microsoft	Office	Pack de Compatibilité Microsoft Office pour les formats de fichiers Word, Excel et PowerPoint 2007 ;
Microsoft	Office	Microsoft Office 2008 pour Mac.
Microsoft	Office	Microsoft Office 2000 Service Pack 3 ;
Microsoft	Office	Microsoft Office Excel Viewer 2003 ;
Microsoft	Office	Microsoft Office 2007 ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS08-014 du 11 mars 2008	None	vendor-advisory
Document du CERTA CERTA-2008-ALE-003 du 16 mars 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Pack de Compatibilit\u00e9 Microsoft Office pour les formats de fichiers Word, Excel et PowerPoint 2007 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2007 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans l\u0027application de\nbureautique Microsoft Excel.\n\n-   l\u0027application ne manipulerait pas convenablement les macros \u00e0\n    l\u0027ouverture de fichiers Excel. Cette vuln\u00e9rabilit\u00e9 a fait l\u0027objet de\n    l\u0027alerte CERTA-2008-ALE-003 ;\n-   l\u0027application ne contr\u00f4lerait pas correctement les donn\u00e9es des\n    fichiers Excel lorsqu\u0027ils sont charg\u00e9s en m\u00e9moire ;\n-   l\u0027application ne v\u00e9rifierait pas correctement les donn\u00e9es de\n    fichiers qui sont import\u00e9s ;\n-   l\u0027application ne manipulerait pas correctement des informations\n    li\u00e9es \u00e0 un enregistrement STYLE \u00e0 l\u0027ouverture d\u0027un fichier ;\n-   l\u0027application ne validerait pas correctement des valeurs pour la\n    mise en forme conditionnelle.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permettrait \u00e0 une personne\nmalveillante d\u0027ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me\nvuln\u00e9rable sur lequel un document sp\u00e9cifiquement construit serait\nouvert.\n\nDes codes d\u0027exploitation concernant certaines de ces vuln\u00e9rabilit\u00e9s\ncirculent actuellement sur l\u0027Internet.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-014 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0081"
    },
    {
      "name": "CVE-2008-0112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0112"
    },
    {
      "name": "CVE-2008-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0115"
    },
    {
      "name": "CVE-2008-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0117"
    },
    {
      "name": "CVE-2008-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0114"
    },
    {
      "name": "CVE-2008-0116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0116"
    },
    {
      "name": "CVE-2008-0111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0111"
    }
  ],
  "links": [
    {
      "title": "Document du CERTA CERTA-2008-ALE-003 du 16 mars 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-003/index.html"
    }
  ],
  "reference": "CERTA-2008-AVI-125",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans l\u0027application\nMicrosoft Excel. L\u0027une d\u0027elles a fait l\u0027objet en janvier 2008 de\nl\u0027alerte CERTA-2008-ALE-003. Elles permettraient \u00e0 une personne\nmalveillante les exploitant via un fichier Excel sp\u00e9cialement construit\nd\u0027ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me vuln\u00e9rable sur\nlequel le document serait ouvert.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-014 du 11 mars 2008",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx"
    }
  ]
}

GHSA-R3MR-4PWG-VMGC

Vulnerability from github – Published: 2022-05-01 23:27 – Updated: 2022-05-01 23:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0111"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-11T23:44:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \"Excel Data Validation Record Vulnerability.\"",
  "id": "GHSA-r3mr-4pwg-vmgc",
  "modified": "2022-05-01T23:27:40Z",
  "published": "2022-05-01T23:27:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0111"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28094"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019582"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-0111

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0111

Aliases

CVE-2008-0111

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0111",
    "description": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \"Excel Data Validation Record Vulnerability.\"",
    "id": "GSD-2008-0111"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0111"
      ],
      "details": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \"Excel Data Validation Record Vulnerability.\"",
      "id": "GSD-2008-0111",
      "modified": "2023-12-13T01:22:58.887076Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2008-0111",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \"Excel Data Validation Record Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28094",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28094"
          },
          {
            "name": "oval:org.mitre.oval:def:5114",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114"
          },
          {
            "name": "TA08-071A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
          },
          {
            "name": "1019582",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019582"
          },
          {
            "name": "MS08-014",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
          },
          {
            "name": "SSRT080028",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "name": "HPSBST02320",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "name": "ADV-2008-0846",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0846/references"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-0111"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \"Excel Data Validation Record Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                },
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA08-071A",
              "refsource": "CERT",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
            },
            {
              "name": "28094",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/28094"
            },
            {
              "name": "1019582",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019582"
            },
            {
              "name": "SSRT080028",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
            },
            {
              "name": "ADV-2008-0846",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0846/references"
            },
            {
              "name": "oval:org.mitre.oval:def:5114",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114"
            },
            {
              "name": "MS08-014",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:44Z",
      "publishedDate": "2008-03-11T23:44Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0111 (GCVE-0-2008-0111)

FKIE_CVE-2008-0111

CERTA-2008-AVI-125

Description

Solution

CERTA-2008-AVI-125

Description

Solution

GHSA-R3MR-4PWG-VMGC

GSD-2008-0111

Tags

Sightings

Nomenclature