{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka \"File Format Parsing Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS08-074", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"}, {"name": "oval:org.mitre.oval:def:5614", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"}, {"name": "ADV-2008-3386", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3386"}, {"name": "20081209 Microsoft Excel Malformed Object Memory Corruption Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"}, {"name": "1021368", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021368"}, {"name": "TA08-344A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-4265", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka \"File Format Parsing Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS08-074", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"}, {"name": "oval:org.mitre.oval:def:5614", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"}, {"name": "ADV-2008-3386", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3386"}, {"name": "20081209 Microsoft Excel Malformed Object Memory Corruption Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"}, {"name": "1021368", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021368"}, {"name": "TA08-344A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:08:34.959Z"}, "title": "CVE Program Container", "references": [{"name": "MS08-074", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"}, {"name": "oval:org.mitre.oval:def:5614", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"}, {"name": "ADV-2008-3386", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3386"}, {"name": "20081209 Microsoft Excel Malformed Object Memory Corruption Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"}, {"name": "1021368", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021368"}, {"name": "TA08-344A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-4265", "datePublished": "2008-12-10T13:33:00", "dateReserved": "2008-09-25T00:00:00", "dateUpdated": "2024-08-07T10:08:34.959Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*", "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*", "matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_excel:2007:*:*:*:*:*:*:*", "matchCriteriaId": "3BCABD31-F406-4184-97AF-21AD95353D26", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:20007_office_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "B507F860-5D28-4E86-8F61-FC71F4C030C3", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:20007_office_system:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "F9A0B1B7-21A7-4038-8738-02AFADAAB06D", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*", "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*", "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:*:*:*:*:*:*:*", "matchCriteriaId": "0BB3D66F-9028-4703-9D6A-629331EEB492", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*", "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka \"File Format Parsing Vulnerability.\""}, {"lang": "es", "value": "Microsoft Office Excel 2000 SP3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una hoja de c\u00e1lculo manipulada que contiene un objeto malformado, lo que dispara una corrupci\u00f3n de memoria durante la carga de registros desde esta hoja de c\u00e1lculo, alias \"Vulnerabilidad de An\u00e1lisis de Formato de Fichero\"."}], "evaluatorComment": "http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx\r\n\r\n\t\r\nFile Format Parsing Vulnerability - CVE-2008-4265\r\n\r\nA remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.", "id": "CVE-2008-4265", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-12-10T14:00:01.097", "references": [{"source": "secure@microsoft.com", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1021368"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/3386"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021368"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3386"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}