Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0104Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Excel

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
9.3CRITICALNVD
EPSS
76.9%
top 1.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft ExcelMicrosoft Office
Timeline
PublishedApr 13
Latest updateMay 14

Description

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/excel2002, 2003+1
NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

2
GHSA
GHSA-xfjm-p2hj-x3rp: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbi2022-05-14
CVEList
CVE-2011-0104: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbi2011-04-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Excel - Remote Buffer Overflow2011-04-12

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 04-12-2011

💬Community

1
Bugzilla
CVE-2014-0104 fence-agents: no verification of remote SSL certificates2014-02-28
CVE-2011-0104 — Microsoft Excel vulnerability | cvebase