CVE-2008-3477

N/A Unknown
Published: October 15, 2008 Modified: April 23, 2026
View on NVD

Description

Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746
Source: secure@microsoft.com
http://marc.info/?l=bugtraq&m=122479227205998&w=2
Source: secure@microsoft.com
http://secunia.com/advisories/32211
Source: secure@microsoft.com
Patch Vendor Advisory
http://www.securityfocus.com/bid/31702
Source: secure@microsoft.com
Patch
http://www.securitytracker.com/id?1021044
Source: secure@microsoft.com
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Source: secure@microsoft.com
US Government Resource
http://www.vupen.com/english/advisories/2008/2808
Source: secure@microsoft.com
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057
Source: secure@microsoft.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/45566
Source: secure@microsoft.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/45581
Source: secure@microsoft.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5870
Source: secure@microsoft.com
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=bugtraq&m=122479227205998&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/32211
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.securityfocus.com/bid/31702
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securitytracker.com/id?1021044
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2008/2808
Source: af854a3a-2127-422b-91ae-364da2661108
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/45566
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/45581
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5870
Source: af854a3a-2127-422b-91ae-364da2661108

22 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
71.3%
99th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-399

Affected Vendors

microsoft

Related CVEs

CVE-2026-41279 N/A
CVE-2026-41278 N/A
CVE-2026-41277 N/A
CVE-2026-41276 N/A
CVE-2026-41275 N/A