1. Home
  2. CVE Database
  3. CVE-2010-0260
HIGH · 9.3

CVE-2010-0260

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allo...

Vulnerability Description

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftExcel2002
MicrosoftOffice2004
MicrosoftOffice Compatibility Pack2007
MicrosoftOffice Excel ViewerAll versions
MicrosoftOffice Sharepoint Server2007
MicrosoftOpen Xml File Format ConverterAll versions

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2010-0260?

CVE-2010-0260 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allo...

How severe is CVE-2010-0260?

CVE-2010-0260 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-0260?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Excel, Microsoft Office, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft Office Sharepoint Server.