CVE-2011-0978

HIGH

Description

Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."

References

http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft

http://secunia.com/advisories/39122

http://secunia.com/advisories/43232

http://securityreason.com/securityalert/8231

http://www.securitytracker.com/id?1025337

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

http://www.vupen.com/english/advisories/2011/0940

http://zerodayinitiative.com/advisories/ZDI-11-042/

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439

Details

Source: MITRE

Published: 2011-02-10

Updated: 2018-10-12

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (2 total)

IDNameProductFamilySeverity
53378MS11-021: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)NessusWindows : Microsoft Bulletins
high
53374MS11-021 / MS11-022 / MS11-023: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489279 / 2489283 / 2489293) (Mac OS X)NessusMacOS X Local Security Checks
high