CVE-2011-1278

Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/48163
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/67716
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12687

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:excel:2002:sp3::::::
	cpe:2.3:a:microsoft:office:2004::mac:::::

History

No history.

Information

Published : 2011-06-16 20:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-1278

Mitre link : CVE-2011-1278

CVE.ORG link : CVE-2011-1278

JSON object : View

Products Affected

microsoft

office
excel

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2011-1278", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-06-16T20:55:02.293", "references": [{"url": "http://www.securityfocus.com/bid/48163", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67716", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12687", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel WriteAV Vulnerability.\""}, {"lang": "es", "value": "Microsoft Excel 2002 SP3 y Office 2004 para Mac no valida correctamente la informaci\u00f3n de registro durante el an\u00e1lisis de las hojas de c\u00e1lculo Excel, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una hoja de c\u00e1lculo manipulada, tambi\u00e9n conocido como \"vulnerabilidad de Excel WriteAV. \""}], "lastModified": "2018-10-12T22:00:47.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF"}, {"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}