← Back

CVE-2008-3471

nvd nist
Published: Oct 15, 2008Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."

Affected (12)

Microsoft
5 products
Excel
Excel Viewer
Office
Office Compatibility Pack
Open Xml File Format Converter
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Excel
Version 2003 sp2
Excel
Version 2003 sp3
Excel
Version 2007
Excel
Version 2007 sp1
Microsoft
Excel Viewer
All versions
Excel Viewer
Version 2003
Excel Viewer
Version 2003 sp3
Microsoft
Office
Version 2004
Office
Version 2008
Microsoft
Office Compatibility Pack
Version 2007
Office Compatibility Pack
Version 2007 sp1
Open Xml File Format Converter
All versions

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (22)

Source: secure@microsoft.com
Issue TrackingMailing ListThird Party Advisory
Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
PatchThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party AdvisoryUS Government Resource
Source: secure@microsoft.com
Third Party Advisory
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.