| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Microsoft Excel 2000/2002/2003. It has been rated as critical. This affects an unknown part of the component XLS File Handler. The manipulation leads to input validation. This vulnerability is uniquely identified as CVE-2007-0028. No exploit exists. It is recommended to apply a patch to fix this issue.
Details
A vulnerability was found in Microsoft Excel 2000/2002/2003 (Spreadsheet Software). It has been rated as critical. This issue affects an unknown function of the component XLS File Handler. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
The bug was discovered 01/09/2007. The weakness was disclosed 01/09/2007 by Jie Ma with Fortinet (Website). It is possible to read the advisory at fortinet.com. The identification of this vulnerability is CVE-2007-0028 since 01/03/2007. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available.
It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 23998 (MS07-002: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 110050 (Microsoft Excel Remote Code Execution Vulnerabilities (MS07-002)).
Applying the patch MS07-002 is able to eliminate this problem. The bugfix is ready for download at microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 4970.
The vulnerability is also documented in the databases at Tenable (23998), SecurityFocus (BID 21952†), OSVDB (31249†), Secunia (SA23676†) and SecurityTracker (ID 1017485†). The entries VDB-34321, VDB-34320, VDB-34319 and VDB-34318 are pretty similar. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.0
VulDB Base Score: 10.0
VulDB Temp Score: 9.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 23998
Nessus Name: MS07-002: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS07-002
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
Timeline
01/03/2007 🔍01/09/2007 🔍
01/09/2007 🔍
01/09/2007 🔍
01/09/2007 🔍
01/09/2007 🔍
01/09/2007 🔍
01/09/2007 🔍
01/09/2007 🔍
01/09/2007 🔍
01/09/2007 🔍
01/10/2007 🔍
01/12/2007 🔍
01/12/2025 🔍
Sources
Vendor: microsoft.comAdvisory: fortinet.com
Researcher: Jie Ma
Organization: Fortinet
Status: Confirmed
CVE: CVE-2007-0028 (🔍)
GCVE (CVE): GCVE-0-2007-0028
GCVE (VulDB): GCVE-100-2807
OVAL: 🔍
IAVM: 🔍
CERT: 🔍
SecurityFocus: 21952 - Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability
Secunia: 23676 - Microsoft Excel Multiple Vulnerabilities, Highly Critical
OSVDB: 31249 - Microsoft Excel Malformed Record Memory Access Code Execution
SecurityTracker: 1017485
Vulnerability Center: 13955 - [MS07-002] Microsoft Excel Opcode Handling Code Execution Vulnerability via Malformed Record, Medium
Vupen: ADV-2007-0103
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 01/12/2007 09:38Updated: 01/12/2025 03:51
Changes: 01/12/2007 09:38 (100), 07/13/2019 15:01 (2), 03/15/2021 07:43 (3), 01/12/2025 03:51 (17)
Complete: 🔍
Cache ID: 216:D48:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.