CVE-2011-1276

16.06.2011, 20:55

Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka "Excel Buffer Overrun Vulnerability."

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:C/I:C/A:C
microsoft	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
microsoft	excel_viewer	*
microsoft	open_xml_file_format_converter	*

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://osvdb.org/72924

http://securityreason.com/securityalert/8330

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451

http://osvdb.org/72924

http://securityreason.com/securityalert/8330

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451