Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2011-0105 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Excel
Severity
9.3CRITICALNVD
EPSS
89.4%
top 0.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedApr 13
Latest updateMay 14
Description
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages2 packages
🔴Vulnerability Details
3GHSA▶
GHSA-rpg9-x63j-3644: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized↗2022-05-14
CVEList▶
CVE-2011-0105: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized↗2011-04-13
VulnCheck
▶
💥Exploits & PoCs
2🕵️Threat Intelligence
1📐Framework References
1💬Community
1Bugzilla▶
CVE-2011-2262 mysql: Unspecified vulnerability allows remote attackers to affect availability↗2012-01-22