CVE-2008-4019
Last modified
CVE-2008-4019 is a vulnerability of currently unknown severity. Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability.". EPSS estimates a 34.41% chance of exploitation in the next 30 days.
Description
Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Excel | 2003 | Sp2 |
| Microsoft | Excel | 2007 | — |
| Microsoft | Excel Viewer | All versions | — |
| Microsoft | Excel Viewer | 2003 | — |
| Microsoft | Office | 2004 | — |
| Microsoft | Office | 2008 | — |
| Microsoft | Office Compatibility Pack | 2007 | — |
| Microsoft | Open Xml File Format Converter | All versions | — |
| Microsoft | Sharepoint Server | 2007 | — |
References
- http://marc.info/?l=bugtraq&m=122479227205998&w=2Issue Tracking, Mailing List, Third Party Advisory
- http://secunia.com/advisories/32211Patch, Vendor Advisory
- http://www.securityfocus.com/bid/31706Patch, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1021044Third Party Advisory, VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-288A.htmlThird Party Advisory, US Government Resource
- http://www.vupen.com/english/advisories/2008/2808Third Party Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057Patch, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45580Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45581Third Party Advisory, VDB Entry
- http://marc.info/?l=bugtraq&m=122479227205998&w=2Issue Tracking, Mailing List, Third Party Advisory
- http://secunia.com/advisories/32211Patch, Vendor Advisory
- http://www.securityfocus.com/bid/31706Patch, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1021044Third Party Advisory, VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-288A.htmlThird Party Advisory, US Government Resource
- http://www.vupen.com/english/advisories/2008/2808Third Party Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057Patch, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45580Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45581Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-4019?
How severe is CVE-2008-4019?
How do I fix CVE-2008-4019?
Are you affected by CVE-2008-4019?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST