CVE-2008-3006
First published: Tue Aug 12 2008(Updated: )
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Viewer | =2003 | |
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =2007 | |
| Microsoft Office Viewer | =2003 | |
| Microsoft Office | =xp-sp3 | |
| Microsoft Office | =2003-sp2 | |
| Microsoft SharePoint Server 2010 | =2007 | |
| Microsoft Office Viewer | =2003-sp1 | |
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =2007-sp1 | |
| Microsoft SharePoint Server 2010 | =2007-sp1 | |
| Microsoft Office | =2007-sp1 | |
| Microsoft Office | =2007 | |
| Microsoft Office | =2003-sp3 | |
| Microsoft Office | =2000-sp3 | |
| Microsoft Office | =2008 | |
| Microsoft Office | =2004 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/31455
- http://secunia.com/advisories/31454
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://www.securityfocus.com/bid/30640
- http://www.securitytracker.com/id?1020672
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.zerodayinitiative.com/advisories/ZDI-08-048/
- http://www.vupen.com/english/advisories/2008/2347
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5561
- http://www.securityfocus.com/archive/1/495428/100/0/threaded
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043
Frequently Asked Questions
What is the severity of CVE-2008-3006?
CVE-2008-3006 has a CVSS base score of 7.5, indicating it is a high-severity vulnerability.
How do I fix CVE-2008-3006?
To fix CVE-2008-3006, install the latest security updates for your affected Microsoft Office software.
What versions of Microsoft Office are affected by CVE-2008-3006?
CVE-2008-3006 affects Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1, as well as Office Viewer and Compatibility Packs.
What type of vulnerability is CVE-2008-3006?
CVE-2008-3006 is a remote code execution vulnerability due to improper parsing of file formats.
Is there a workaround for CVE-2008-3006?
As a workaround for CVE-2008-3006, consider restricting access to untrusted files or avoiding the use of the affected Office versions until patches are applied.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- vendor/microsoft
- canonical/microsoft office viewer
- version/microsoft office viewer/2003
- canonical/microsoft office compatibility pack for word, excel, and powerpoint
- version/microsoft office compatibility pack for word, excel, and powerpoint/2007
- canonical/microsoft office
- version/microsoft office/xp-sp3
- version/microsoft office/2003-sp2
- canonical/microsoft sharepoint server 2010
- version/microsoft sharepoint server 2010/2007
- version/microsoft office viewer/2003-sp1
- version/microsoft office compatibility pack for word, excel, and powerpoint/2007-sp1
- version/microsoft sharepoint server 2010/2007-sp1
- version/microsoft office/2007-sp1
- version/microsoft office/2007
- version/microsoft office/2003-sp3
- version/microsoft office/2000-sp3
- version/microsoft office/2008
- version/microsoft office/2004