CVE-2011-1277

Published Jun 16, 2011

Last updated 6 years ago

Overview

Description: Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References