CVE-2008-0115 : Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."

Published 2008-03-11 23:44:00

Updated 2018-10-12 21:45:00

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2008-0115

Probability of exploitation activity in the next 30 days: 76.00%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-0115

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-0115

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-0115

http://www.securityfocus.com/bid/28167

Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5512
http://marc.info/?l=bugtraq&m=120585858807305&w=2

'[security bulletin] HPSBST02320 SSRT080028 rev.1 - Storage Management Appliance (SMA), Microsoft Pat' - MARC

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0846/references

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA08-071A.html

Page Not Found | CISA
Patch;US Government Resource

CVEs referencing this url
http://www.securitytracker.com/id?1019585
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014

Microsoft Security Bulletin MS08-014 - Critical | Microsoft Learn

CVEs referencing this url

Products affected by CVE-2008-0115

Microsoft » Office » Version: 2004 MAC Edition
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2002 Update SP3
cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2000 Update SP3
cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2007
cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2003 Update SP2
cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Excel Viewer » Version: 2003
cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack For Word Excel Ppt 2007
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-0115

Exploit prediction scoring system (EPSS) score for CVE-2008-0115

CVSS scores for CVE-2008-0115

CWE ids for CVE-2008-0115

References for CVE-2008-0115

Products affected by CVE-2008-0115