CVE-2011-1989

Published Sep 15, 2011

Last updated 6 years ago

Overview

Description: Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2010:*:x32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51172DC6-4217-44B9-AAA8-82B93FDBFC30"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2010:*:x64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01CBB518-3740-424F-82AD-DF6036155326"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE381B87-A400-4EAB-8085-CB9C34522DD2"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84CD3A20-1082-4685-98B0-3492228F869E"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel_web_app:2010:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EADA2495-FF61-4E02-B469-3D9E28BBD06E"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel_web_app:2010:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E548F0F4-2FA3-4F47-85C7-8F9BFDE86E59"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AC0BEF9-2417-48C5-BC95-F95F41F08795"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C60D2557-347B-41BD-91D5-A51C88630B73"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C91F1A74-BE24-4EF7-8E3B-E5E6448E7E40"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8239CEF1-BD02-4ACE-A0C2-75A9EAA15914"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "586E6C37-346C-40BA-AC89-2CEB8C44E190"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48EB5C93-55BF-4608-A9DC-EDD8DE15EE44"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References