CVE-2010-0258
Summary
| CVE | CVE-2010-0258 |
|---|---|
| State | PUBLISHED |
| Assigner | microsoft |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-03-10 22:30:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability." |
Risk And Classification
Primary CVSS: v3.1 7.8 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Problem Types: CWE-843 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Excel | 2002 | sp3 | All | All |
| Application | Microsoft | Excel | 2003 | sp3 | All | All |
| Application | Microsoft | Excel | 2007 | sp1 | All | All |
| Application | Microsoft | Excel | 2007 | sp2 | All | All |
| Application | Microsoft | Office | 2004 | All | All | All |
| Application | Microsoft | Office | 2008 | All | All | All |
| Application | Microsoft | Office Compatibility Pack | 2007 | sp1 | All | All |
| Application | Microsoft | Office Compatibility Pack | 2007 | sp2 | All | All |
| Application | Microsoft | Office Excel Viewer | - | sp1 | All | All |
| Application | Microsoft | Office Excel Viewer | - | sp2 | All | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp1 | All | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp2 | All | All |
| Application | Microsoft | Open Xml File Format Converter | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Public Advisory: 03.09.10 // iDefense Labs | af854a3a-2127-422b-91ae-364da2661108 | labs.idefense.com | Broken Link |
| SecurityTracker.com Archives - Microsoft Office Excel Bugs Let Remote Users Execute Arbitrary Code | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Broken Link |
| Microsoft Security Bulletin MS10-017 - Important | Microsoft Docs | af854a3a-2127-422b-91ae-364da2661108 | docs.microsoft.com | Patch, Vendor Advisory |
| US-CERT Technical Cyber Security Alert TA10-068A -- Microsoft Updates for Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.