Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: MS Excel, remote code execution via .xlsx

August 2008 by Vigil@nce

SYNTHESIS

An attacker can use Excel spreadsheet with .xlsx extension to gain access to confidential information.

Gravity: 3/4

Consequences: data reading

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 13/08/2008

Identifier: VIGILANCE-VUL-8020

IMPACTED PRODUCTS

- Microsoft Excel [confidential versions]

DESCRIPTION

The .xlsx extension is the new format for Excel 2007, it is an Open XML file.

Theses files can connect to information on several computers.

It is possible to use this kind of file to gain access to secured sources, even if the file is configured not to save credentials.

A local attacker can therefore use .xslx files to gain access to confidential information.

CHARACTERISTICS

Identifiers: 954066, CVE-2008-3003, MS08-043, VIGILANCE-VUL-8020

https://vigilance.aql.fr/tree/1/8020




See previous articles

    

See next articles