Vulnerability Details : CVE-2008-3477
Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2008-3477
- cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3477
73.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3477
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2008-3477
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3477
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057
Microsoft Security Bulletin MS08-057 - Critical | Microsoft Learn
-
http://marc.info/?l=bugtraq&m=122479227205998&w=2
'[security bulletin] HPSBST02379 SSRT080143 rev.1 - Storage Management Appliance (SMA), Microsoft Pat' - MARC
-
http://www.vupen.com/english/advisories/2008/2808
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5870
404 Not Found
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746
-
http://secunia.com/advisories/32211
About Secunia Research | FlexeraPatch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45566
Microsoft Excel calendar object code execution CVE-2008-3477 Vulnerability Report
-
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Page Not Found | CISAUS Government Resource
-
http://www.securitytracker.com/id?1021044
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45581
Microsoft Windows Knowledge Base Article 956416 update is not installed CVE-2008-4019 Vulnerability Report
-
http://www.securityfocus.com/bid/31702
Patch
Jump to