CVE-2011-0980

Published Feb 10, 2011

Last updated 3 months ago

CVSS info 9.3

Overview

Description: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References