1. Home
  2. CVE Database
  3. CVE-2010-1253
HIGH · 9.3

CVE-2010-1253

Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007...

Vulnerability Description

Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a "user-controlled pointer," aka "Excel ADO Object Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftExcel2002
MicrosoftOffice2004
MicrosoftOpen Xml File Format ConverterAll versions
MicrosoftOffice Compatibility Pack2007

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2010-1253?

CVE-2010-1253 is a vulnerability with a CVSS score of 9.3 (HIGH). Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007...

How severe is CVE-2010-1253?

CVE-2010-1253 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1253?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Excel, Microsoft Office, Microsoft Open Xml File Format Converter, Microsoft Office Compatibility Pack.