Integer Signedness Error in Microsoft Excel and Other Related Products
CVE-2011-0098

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Excel; Office Compatibility Pack
Vendor: CVE Published:; 13 April 2011

Summary

An integer signedness error in Microsoft Excel and related products allows attackers to exploit specially crafted XLS files. By manipulating the record size, attackers can execute arbitrary code remotely, compromising system integrity. This vulnerability affects several versions of Excel, as well as Office for Mac and associated file format converters.

References

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

third-party-advisoryx_refsource_CERT

http://secunia.com/advisories/39122

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/71759

vdb-entryx_refsource_OSVDB

EPSS Score

63% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 13, 2011
Vulnerability Reserved
Dec 21, 2010