CVE-2008-3477
Last modified
CVE-2008-3477 is a vulnerability of currently unknown severity. Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability.". EPSS estimates a 35.69% chance of exploitation in the next 30 days.
Description
Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Internet Explorer | 5.01 | Sp4 |
| Microsoft | Internet Explorer | 6 | — |
| Microsoft | Internet Explorer | 7 | — |
References
- http://secunia.com/advisories/32211Patch, Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA08-288A.htmlUS Government Resource
- http://secunia.com/advisories/32211Patch, Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA08-288A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-3477?
How severe is CVE-2008-3477?
How do I fix CVE-2008-3477?
Are you affected by CVE-2008-3477?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST