Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Microsoft
  • Excel
  • Office
  • Office Compatibility Pack
  • Office Excel Viewer
  • Open Xml File Format Converter

Configuration 1 [-]

OR cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*

No data.

References
Link Providers
http://www.securityfocus.com/archive/1/511729/100/0/threaded cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA10-159B.html cve-icon cve-icon
http://www.zerodayinitiative.com/advisories/ZDI-10-104 cve-icon cve-icon
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2010-06-08T20:00:00

Updated: 2024-08-07T00:59:39.312Z

Reserved: 2010-03-02T00:00:00

Link: CVE-2010-0821

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-06-08T20:30:01.960

Modified: 2018-10-12T21:57:17.713

Link: CVE-2010-0821

cve-icon Redhat

No data.