Buffer Overflow Vulnerability in Microsoft Excel and Office for Mac
CVE-2011-0105

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Excel
Vendor: CVE Published:; 13 April 2011

Summary

A vulnerability exists in Microsoft Excel and Office for Mac due to improper handling of certain length values from uninitialized memory locations. This flaw allows remote attackers to exploit crafted Excel files to initiate a buffer overflow, potentially enabling the execution of arbitrary code within the context of the user. Affected products include Microsoft Excel 2002 Service Pack 3 and Office versions 2004 and 2008 for Mac, as well as the Open XML File Format Converter for Mac.

References

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

third-party-advisoryx_refsource_CERT

http://secunia.com/advisories/39122

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1025337

vdb-entryx_refsource_SECTRACK

EPSS Score

89% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 13, 2011
Vulnerability Reserved
Dec 21, 2010