|Date: (C)2008-08-12 (M)2017-10-04|
|CVSS Score: 6.6||Access Vector: LOCAL|
|Exploitability Subscore: 3.9||Access Complexity: LOW|
|Impact Subscore: 9.2||Authentication: NONE|
| ||Confidentiality: COMPLETE|
| ||Integrity: COMPLETE|
| ||Availability: NONE|
Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."