Excel Error Handling Flaw in Microsoft Products
CVE-2011-0979

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Excel; Office Compatibility Pack
Vendor: CVE Published:; 10 February 2011

Summary

Certain Microsoft Excel products fail to handle errors occurring during the parsing of Office Art records appropriately. This oversight allows remote attackers to exploit the vulnerability through specially crafted Excel files, enabling them to execute arbitrary code. The so-called 'stray reference' issue is linked to a corruption in the Excel linked list. When affected users open a malicious file, their system could become compromised without their knowledge.

References

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

third-party-advisoryx_refsource_CERT

http://secunia.com/advisories/39122

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/43231

third-party-advisoryx_refsource_SECUNIA

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 10, 2011
Vulnerability Reserved
Feb 10, 2011