CVE-2008-3471 - Vulnerability Details

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.70823.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Excel Excel Viewer Office Office Compatibility Pack Open Xml File Format Converter

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:excel:2003:sp2::::::
	cpe:2.3:a:microsoft:excel:2003:sp3::::::
	cpe:2.3:a:microsoft:excel:2007:-::::::
	cpe:2.3:a:microsoft:excel:2007:sp1::::::
	cpe:2.3:a:microsoft:excel_viewer:-:::::::*
	cpe:2.3:a:microsoft:excel_viewer:2003:-::::::
	cpe:2.3:a:microsoft:excel_viewer:2003:sp3::::::
	cpe:2.3:a:microsoft:office:2004:::::macos::
	cpe:2.3:a:microsoft:office:2008:::::macos::
	cpe:2.3:a:microsoft:office_compatibility_pack:2007:-::::::
	cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1::::::
	cpe:2.3:a:microsoft:open_xml_file_format_converter:-:::::macos::

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://secunia.com/advisories/32211
http://www.securityfocus.com/bid/31705
http://www.securitytracker.com/id?1021044
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2808
http://www.zerodayinitiative.com/advisories/ZDI-08-068/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057
https://exchange.xforce.ibmcloud.com/vulnerabilities/45579
https://exchange.xforce.ibmcloud.com/vulnerabilities/45581
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2008-10-15T00:00:00

Updated: 2024-08-07T09:37:26.995Z

Reserved: 2008-08-04T00:00:00

Link: CVE-2008-3471

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-10-15T00:12:15.757

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-3471

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object