Integer Underflow Vulnerability in Microsoft Excel by Microsoft
CVE-2011-0097

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Excel; Office Compatibility Pack
Vendor: CVE Published:; 13 April 2011

What is CVE-2011-0097?

An integer underflow vulnerability in Microsoft Excel allows an attacker to create a malicious Excel file that can trigger stack-based buffer overflows. This can lead to arbitrary code execution on the victim's system when the file is opened. Affected versions include Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010, along with several Office applications on Mac. Users are advised to apply security updates provided by Microsoft to mitigate this threat.

References

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

third-party-advisoryx_refsource_CERT

http://secunia.com/advisories/39122

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/secunia_research/2011-31

x_refsource_MISC

EPSS Score

63% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2011
Vulnerability Reserved
Dec 21, 2010