Excel Parsing Flaw in Microsoft Products Allows Remote Code Execution
CVE-2011-1279

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Excel
Vendor: CVE Published:; 16 June 2011

Summary

A vulnerability exists in Microsoft Excel and its associated products due to improper validation of record information during the parsing of Excel spreadsheets. This flaw allows remote attackers to craft malicious spreadsheets that, when opened, can execute arbitrary code on the victim's system or lead to a denial of service through memory corruption. Affected versions include Microsoft Excel 2002 SP3, 2003 SP3, Office 2004 and 2008 for Mac, as well as the Open XML File Format Converter for Mac. It is crucial for users of these products to apply the necessary security updates to mitigate the risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/67717

vdb-entryx_refsource_XF

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securityfocus.com/bid/48164

vdb-entryx_refsource_BID

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 16, 2011
Vulnerability Reserved
Mar 4, 2011