Vulnerability Details : CVE-2008-0668
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2008-0668
Exploit prediction scoring system (EPSS) score for CVE-2008-0668
20.62%: probability of exploitation activity in the next 30 days
~96%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0668
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-0668
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0668
- http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml
  Apps for GNOME – Discover the best Apps for GNOME (Patch)
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00114.html
  [SECURITY] Fedora 7 Update: gnumeric-1.6.3-14.fc7
- http://security.gentoo.org/glsa/glsa-200802-05.xml
  Gnumeric: User-assisted execution of arbitrary code (GLSA 200802-05) — Gentoo security
- http://bugs.gentoo.org/show_bug.cgi?id=208356
  208356 – (CVE-2008-0668) app-office/gnumeric < 1.8.1 excel_read_HLINK XLS opcodes code excution (CVE-2008-0668)
- http://www.debian.org/security/2008/dsa-1546
  [SECURITY] [DSA 1546-1] New gnumeric packages fix arbitrary code execution
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:056
  Mandriva
- http://www.securityfocus.com/bid/27536
- http://www.vupen.com/english/advisories/2008/0462
  Site under construction
- http://www.ubuntu.com/usn/usn-604-1
  USN-604-1: Gnumeric vulnerability | Ubuntu security notices | Ubuntu
- http://bugzilla.gnome.org/show_bug.cgi?id=505330
  Bug 505330 – Gnumeric crashes on opening Excel 97 file
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2008:016 - openSUSE Security Announce - openSUSE Mailing Lists
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00227.html
  [SECURITY] Fedora 8 Update: gnumeric-1.6.3-14.fc8