CVE-2010-0264: Code Injection
First published: Wed Mar 10 2010(Updated: )
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Excel | =2002-sp3 | |
| Microsoft Office Excel | =2003-sp3 | |
| Microsoft Office Excel | =2007-sp1 | |
| Microsoft Office Excel | =2007-sp2 | |
| Microsoft Office | =2004 | |
| Microsoft Office | =2008 | |
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =2007-sp1 | |
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =2007-sp2 | |
| Microsoft Office Viewer | =sp1 | |
| Microsoft Office Viewer | =sp2 | |
| Microsoft SharePoint Portal Server | =2007-sp1 | |
| Microsoft SharePoint Portal Server | =2007-sp1 | |
| Microsoft SharePoint Portal Server | =2007-sp2 | |
| Microsoft SharePoint Portal Server | =2007-sp2 | |
| Microsoft Open XML File Format Converter |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-0264?
CVE-2010-0264 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2010-0264?
To fix CVE-2010-0264, users should install the latest security updates provided by Microsoft for affected versions of Excel and Office.
Which software is affected by CVE-2010-0264?
CVE-2010-0264 affects Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2, as well as Microsoft Office 2004 and 2008 for Mac.
What type of attack is possible with CVE-2010-0264?
CVE-2010-0264 could allow remote attackers to execute arbitrary code by exploiting a vulnerability in the parsing of crafted spreadsheet files.
Is there a workaround for CVE-2010-0264?
While the best solution is to apply the patch, users may limit exposure by avoiding opening untrusted Excel files.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- agent/tags
- vendor/microsoft
- canonical/microsoft office excel
- version/microsoft office excel/2002-sp3
- version/microsoft office excel/2003-sp3
- version/microsoft office excel/2007-sp1
- version/microsoft office excel/2007-sp2
- canonical/microsoft office
- version/microsoft office/2004
- version/microsoft office/2008
- canonical/microsoft office compatibility pack for word, excel, and powerpoint
- version/microsoft office compatibility pack for word, excel, and powerpoint/2007-sp1
- version/microsoft office compatibility pack for word, excel, and powerpoint/2007-sp2
- canonical/microsoft office viewer
- version/microsoft office viewer/sp1
- version/microsoft office viewer/sp2
- canonical/microsoft sharepoint portal server
- version/microsoft sharepoint portal server/2007-sp1
- version/microsoft sharepoint portal server/2007-sp2
- canonical/microsoft open xml file format converter