Memory Heap Overwrite Vulnerability in Microsoft Excel Products
CVE-2011-1275

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Excel
Vendor: CVE Published:; 16 June 2011

Summary

Microsoft Excel and several of its versions for both Windows and Mac platforms fail to adequately validate record information when parsing Excel spreadsheets. This oversight allows remote attackers to exploit specially crafted spreadsheet files, potentially leading to arbitrary code execution or triggering a denial of service via memory corruption. The vulnerability highlights the need for vigilant patch management and user awareness regarding the risks of handling unknown Excel files.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

50% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 16, 2011
Vulnerability Reserved
Mar 4, 2011