CVE-2011-0103

HIGH

Description

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=901

http://osvdb.org/71760

http://secunia.com/advisories/39122

http://www.securityfocus.com/bid/47244

http://www.securitytracker.com/id?1025337

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

http://www.vupen.com/english/advisories/2011/0940

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12616

Details

Source: MITRE

Published: 2011-04-13

Updated: 2018-10-12

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*

cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*

cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*

Tenable Plugins

View all (2 total)

ID	Name	Product	Family	Severity
53378	MS11-021: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)	Nessus	Windows : Microsoft Bulletins	high
53374	MS11-021 / MS11-022 / MS11-023: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489279 / 2489283 / 2489293) (Mac OS X)	Nessus	MacOS X Local Security Checks	high