CVE-2008-3005: Input Validation
First published: Tue Aug 12 2008(Updated: )
Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office | =xp-sp3 | |
| Microsoft Office | =2000-sp3 | |
| Microsoft Office | =2008 | |
| Microsoft Office | =2004 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/30639
- http://secunia.com/advisories/31454
- http://www.securitytracker.com/id?1020671
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.vupen.com/english/advisories/2008/2347
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft office
- version/microsoft office/xp-sp3
- version/microsoft office/2000-sp3
- version/microsoft office/2008
- version/microsoft office/2004