Vulnerabilities > CVE-2008-4265 - Resource Management Errors vulnerability in Microsoft products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

CWE-399

nessus

NVD

Published: 2008-12-10

Updated: 2018-10-12

Summary

Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Office Excel 2000 Microsoft Office Excel 2002 Microsoft Office Excel 2003 Microsoft Office Excel 2007 Microsoft 20007 Office System * Microsoft 20007 Office System Sp1 Microsoft Office 2000 Microsoft Office 2003 Microsoft Office Xp Microsoft Office 2008 Microsoft Office 2004 Microsoft Open XML File Format Converter * Microsoft Office Compatibility Pack FOR Word Excel PPT 2007 * Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer *	18

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Msbulletin

bulletin_id	MS08-074
bulletin_url
date	2008-12-09T00:00:00
impact	Remote Code Execution
knowledgebase_id	959070
knowledgebase_url
severity	Critical
title	Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS08-074.NASL
description	The remote host is running a version of Microsoft Excel that is subject to various flaws that may allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Excel.
last seen	2020-06-01
modified	2020-06-02
plugin id	35073
published	2008-12-10
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/35073
title	MS08-074: Microsoft Excel Multiple Method Remote Code Execution (959070)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(35073); script_version("1.35"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id("CVE-2008-4265", "CVE-2008-4264", "CVE-2008-4266"); script_bugtraq_id(32618, 32621, 32622); script_xref(name:"MSFT", value:"MS08-074"); script_xref(name:"MSKB", value:"958372"); script_xref(name:"MSKB", value:"958434"); script_xref(name:"MSKB", value:"958435"); script_xref(name:"MSKB", value:"958436"); script_xref(name:"MSKB", value:"958437"); script_xref(name:"MSKB", value:"958442"); script_name(english:"MS08-074: Microsoft Excel Multiple Method Remote Code Execution (959070)"); script_summary(english:"Determines the version of Excel.exe"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through Microsoft Excel."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Microsoft Excel that is subject to various flaws that may allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Excel."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-074"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Excel 2000, XP, 2003 and 2007."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"vuln_publication_date", value:"2008/12/09"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel_viewer"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_compatibility_pack"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_nt_ms02-031.nasl", "office_installed.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("misc_func.inc"); include("audit.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS08-074'; kbs = make_list("958372", "958434", "958435", "958436", "958437", "958442"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); port = get_kb_item("SMB/transport"); # # Excel # vuln = 0; list = get_kb_list("SMB/Office/Excel//ProductPath"); if (!isnull(list)) { foreach item (keys(list)) { v = item - 'SMB/Office/Excel/' - '/ProductPath'; if(ereg(pattern:"^9\..", string:v)) { # Excel 2000 - fixed in 9.0.0.8974 office_sp = get_kb_item("SMB/Office/2000/SP"); if (!isnull(office_sp) && office_sp == 3) { sub = ereg_replace(pattern:"^9\.00?\.00?\.([0-9])$", string:v, replace:"\1"); if(sub != v && int(sub) < 8974 ) { vuln++; kb = '958435'; hotfix_add_report(bulletin:bulletin, kb:kb); } } } else if(ereg(pattern:"^10\..", string:v)) { # Excel XP - fixed in 10.0.6850.0 office_sp = get_kb_item("SMB/Office/XP/SP"); if (!isnull(office_sp) && office_sp == 3) { middle = ereg_replace(pattern:"^10\.0\.([0-9])\.[0-9]$", string:v, replace:"\1"); if(middle != v && int(middle) < 6850 ) { vuln++; kb = '958372'; hotfix_add_report(bulletin:bulletin, kb:kb); } } } else if(ereg(pattern:"^11\..", string:v)) { # Excel 2003 - fixed in 11.0.8237.0 office_sp = get_kb_item("SMB/Office/2003/SP"); if (!isnull(office_sp) && office_sp == 3) { middle = ereg_replace(pattern:"^11\.0\.([0-9])\.[0-9]$", string:v, replace:"\1"); if(middle != v && int(middle) < 8237 ) { vuln++; kb = '958436'; hotfix_add_report(bulletin:bulletin, kb:kb); } } } else if(ereg(pattern:"^12\..", string:v)) { # Excel 2007 - fixed in 12.0.6331.5000 office_sp = get_kb_item("SMB/Office/2007/SP"); if (!isnull(office_sp) && (office_sp == 0 && office_sp == 1)) { middle = ereg_replace(pattern:"^12\.0\.([0-9])\.[0-9]$", string:v, replace:"\1"); low = ereg_replace(pattern:"^12\.0\.[0-9]\.([0-9])$", string:v, replace:"\1"); if(middle != v && ( ( int(middle) < 6331 \|\| ( int(middle) == 6331 && int(low) < 5000) ) ) ) { vuln++; kb = '958437'; hotfix_add_report(bulletin:bulletin, kb:kb); } } } } } # # Excel Viewer # list = get_kb_list("SMB/Office/ExcelViewer//ProductPath"); if (!isnull(list)) { foreach item (keys(list)) { v = item - 'SMB/Office/ExcelViewer/' - '/ProdutPath'; if (v && ereg(pattern:"^11\..", string:v)) { # Excel Viwever 2003 - fixed in 11.0.8237.0 middle = ereg_replace(pattern:"^11\.0\.([0-9])\.[0-9]$", string:v, replace:"\1"); if(middle != v && int(middle) < 8237 ) { vuln++; kb = '958434'; hotfix_add_report(bulletin:bulletin, kb:kb); } } else if (v && ereg(pattern:"^12\..", string:v)) { # Excel Viwever 2003 - fixed in 12.0.6331.5000 middle = ereg_replace(pattern:"^12\.0\.([0-9])\.[0-9]*$", string:v, replace:"\1"); if(middle != v && int(middle) < 6331 ) { vuln++; kb = '958442'; hotfix_add_report(bulletin:bulletin, kb:kb); } } } } if (vuln) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); exit(0); } else audit(AUDIT_HOST_NOT, 'affected');

Oval

accepted

2014-06-30T04:11:03.380-04:00

class

vulnerability

contributors

name Jeff Ito
organization Secure Elements, Inc.
name Josh Turpin
organization Symantec Corporation
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment	Microsoft Excel 2000 is installed
oval	oval:org.mitre.oval:def:758

description

family

windows

oval:org.mitre.oval:def:5614

status

accepted

submitted

2008-12-09T13:52:00-05:00

title

File Format Parsing Vulnerability

version

Saint

bid	32618
description	Microsoft Excel TXO and OBJ record parsing memory corruption
id	win_patch_excel2000
osvdb	50556
title	excel_txo_obj
type	client

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 32618,32622,32621 CVE(CAN) ID: CVE-2008-4265,CVE-2008-4266,CVE-2008-4264 Excel是微软Office套件中的电子表格工具。 Excel在解析记录和公式时存在多个内存破坏漏洞，在验证NAME记录中的索引值时存在栈破坏漏洞。如果用户打开带有畸形对象的特制Excel文件，这些漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以完全控制受影响的系统。攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。 Microsoft Excel Viewer 2003 SP3 Microsoft Excel Viewer 2003 Microsoft Excel Viewer Microsoft Excel 2007 SP1 Microsoft Excel 2007 Microsoft Excel 2003 SP3 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac 临时解决方法： * 不要打开或保存从不受信任来源或从受信任来源意外收到的Microsoft Office文件。 * 在Word客户端系统上，当打开来自未知来源或不可信来源的文件时使用Microsoft Office隔离转换环境（MOICE）。厂商补丁： Microsoft --------- Microsoft已经为此发布了一个安全公告（MS08-074）以及相应补丁: MS08-074：Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) 链接：<a href=http://www.microsoft.com/technet/security/Bulletin/ms08-074.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/ms08-074.mspx?pf=true</a>
id	SSV:4554
last seen	2017-11-19
modified	2008-12-11
published	2008-12-11
reporter	Root
title	Microsoft Excel畸形对象解析远程代码执行漏洞（MS08-074）

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Msbulletin

Nessus

Oval

Saint

Seebug

References