CVE-2010-0261: Buffer Overflow
First published: Wed Mar 10 2010(Updated: )
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Open XML File Format Converter | ||
| Microsoft Office | =2008 | |
| Microsoft Office Viewer | =sp1 | |
| Microsoft SharePoint Portal Server | =2007-sp1 | |
| Microsoft Office | =2004 | |
| Microsoft Office Excel | =2007-sp2 | |
| Microsoft Office Excel | =2007-sp1 | |
| Microsoft Office Viewer | =sp2 | |
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =2007-sp2 | |
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =2007-sp1 | |
| Microsoft Office Excel | =2002-sp3 | |
| Microsoft SharePoint Portal Server | =2007-sp2 | |
| Microsoft Office Excel | =2003-sp3 | |
| Microsoft SharePoint Portal Server | =2007-sp1 | |
| Microsoft SharePoint Portal Server | =2007-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861
- http://www.securitytracker.com/id?1023698
- http://www.us-cert.gov/cas/techalerts/TA10-068A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8479
Frequently Asked Questions
What is the severity of CVE-2010-0261?
CVE-2010-0261 is classified as a critical vulnerability due to the potential for remote code execution.
How do I fix CVE-2010-0261?
To fix CVE-2010-0261, users should apply the latest security patches provided by Microsoft for the affected versions of Excel and Office.
Who is affected by CVE-2010-0261?
CVE-2010-0261 affects multiple versions of Microsoft Office Excel and Office Compatibility Pack, particularly versions 2007 SP1 and SP2.
What type of vulnerability is CVE-2010-0261?
CVE-2010-0261 is a heap-based buffer overflow vulnerability that can be exploited via crafted spreadsheet files.
Can CVE-2010-0261 be exploited remotely?
Yes, CVE-2010-0261 can be exploited remotely by attackers through specially crafted Excel files.
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- vendor/microsoft
- canonical/microsoft open xml file format converter
- canonical/microsoft office
- version/microsoft office/2008
- canonical/microsoft office viewer
- version/microsoft office viewer/sp1
- canonical/microsoft sharepoint portal server
- version/microsoft sharepoint portal server/2007-sp1
- version/microsoft office/2004
- canonical/microsoft office excel
- version/microsoft office excel/2007-sp2
- version/microsoft office excel/2007-sp1
- version/microsoft office viewer/sp2
- canonical/microsoft office compatibility pack for word, excel, and powerpoint
- version/microsoft office compatibility pack for word, excel, and powerpoint/2007-sp2
- version/microsoft office compatibility pack for word, excel, and powerpoint/2007-sp1
- version/microsoft office excel/2002-sp3
- version/microsoft sharepoint portal server/2007-sp2
- version/microsoft office excel/2003-sp3