Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-3471

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."

Security Impact Summary

CVE-2008-3471 is a security vulnerability that . Impacting 5 products from microsoft, from microsoft, from microsoft and 2 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2008, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2008-10-15T00:12:15.757

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	excel	2003	Yes
Application	microsoft	excel	2003	Yes
Application	microsoft	excel	2007	Yes
Application	microsoft	excel	2007	Yes
Application	microsoft	excel_viewer	-	Yes
Application	microsoft	excel_viewer	2003	Yes
Application	microsoft	excel_viewer	2003	Yes
Application	microsoft	office	2004	Yes
Application	microsoft	office	2008	Yes
Application	microsoft	office_compatibility_pack	2007	Yes
Application	microsoft	office_compatibility_pack	2007	Yes
Application	microsoft	open_xml_file_format_converter	-	Yes

References

http://marc.info/?l=bugtraq&m=122479227205998&w=2 Issue Tracking, Mailing List, Third Party Advisory ([email protected])
http://secunia.com/advisories/32211 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/31705 Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1021044 Third Party Advisory, VDB Entry ([email protected])
http://www.us-cert.gov/cas/techalerts/TA08-288A.html Third Party Advisory, US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2008/2808 Third Party Advisory ([email protected])
http://www.zerodayinitiative.com/advisories/ZDI-08-068/ Third Party Advisory, VDB Entry ([email protected])
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 Patch, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/45579 Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=122479227205998&w=2 Issue Tracking, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32211 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/31705 Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021044 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA08-288A.html Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/2808 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-08-068/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45579 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For microsoft's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.