Back
CVE-2010-0258
HIGH
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."
Published: Mar 10, 2010
Modified: Apr 29, 2026
CWE-843
CVSS Metrics
CVSSv3
Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products (13)
| Vendor | Product | Version |
|---|---|---|
| microsoft | excel | 2002 |
| microsoft | excel | 2003 |
| microsoft | excel | 2007 |
| microsoft | excel | 2007 |
| microsoft | office | 2004 |
| microsoft | office | 2008 |
| microsoft | office_compatibility_pack | 2007 |
| microsoft | office_compatibility_pack | 2007 |
| microsoft | office_excel_viewer | - |
| microsoft | office_excel_viewer | - |
| microsoft | office_sharepoint_server | 2007 |
| microsoft | office_sharepoint_server | 2007 |
| microsoft | open_xml_file_format_converter | * |
GitHub Security Advisory GHSA-mqmr-46gm-2w7q
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac;...
References (10)
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859 Broken Link
- http://www.securitytracker.com/id?1023698 Broken Link, Third Party Advisory, VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA10-068A.html Third Party Advisory, US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 Patch, Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545 Broken Link
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859 Broken Link
- http://www.securitytracker.com/id?1023698 Broken Link, Third Party Advisory, VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA10-068A.html Third Party Advisory, US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 Patch, Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545 Broken Link
Risk Scores
CVSS Score
7.8 / 10
EPSS Score
71.44%
Top 1% most likely to be exploited
Threat Score
62.6 / 100
Data Sources
NVD
EPSS
GitHub