Excel Conditional Expression Parsing Vulnerability in Microsoft Products
CVE-2011-1989

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Open Xml File Format Converter; Sharepoint Server; Excel
Vendor: CVE Published:; 15 September 2011

Summary

Microsoft Excel is affected by a vulnerability where it fails to properly parse conditional expressions associated with formatting requirements. This oversight allows remote attackers to craft malicious spreadsheets that can execute arbitrary code when opened by unsuspecting users. Affected products include various versions of Excel and its services, particularly in the Office suite for both Windows and Mac environments. Prompt updates and security patches are recommended to mitigate risks associated with this vulnerability.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA11-256A.html

third-party-advisoryx_refsource_CERT

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 15, 2011
Vulnerability Reserved
May 9, 2011