CVE-2008-0081 — CRITICAL (9.8)

Vulnerability Description

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Excel	2000
Microsoft	Excel Viewer	2003
Microsoft	Office	2004

Related Weaknesses (CWE)

CWE-908

References

http://marc.info/?l=bugtraq&m=120585858807305&w=2Mailing List
http://secunia.com/advisories/28506Broken LinkVendor Advisory
http://securitytracker.com/id?1019200Broken LinkThird Party AdvisoryVDB Entry
http://www.microsoft.com/technet/security/advisory/947563.mspxBroken LinkPatchVendor Advisory
http://www.securityfocus.com/bid/27305Broken LinkPatchThird Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-071A.htmlBroken LinkThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2008/0146Broken LinkVendor Advisory
http://www.vupen.com/english/advisories/2008/0846/referencesBroken LinkVendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-01PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39699Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
http://marc.info/?l=bugtraq&m=120585858807305&w=2Mailing List
http://secunia.com/advisories/28506Broken LinkVendor Advisory
http://securitytracker.com/id?1019200Broken LinkThird Party AdvisoryVDB Entry
http://www.microsoft.com/technet/security/advisory/947563.mspxBroken LinkPatchVendor Advisory

FAQ

What is CVE-2008-0081?

CVE-2008-0081 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Ma...

How severe is CVE-2008-0081?

CVE-2008-0081 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2008-0081?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Excel, Microsoft Excel Viewer, Microsoft Office.