CVE-2011-1279Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Excel

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
43.5%
top 2.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ExcelMicrosoft Office
Timeline
PublishedJun 16
Latest updateMay 14

Description

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/excel2002, 2003+1
NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

2
GHSA
GHSA-f5gg-8xfg-pqm7: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record inform2022-05-14
CVEList
CVE-2011-1279: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record inform2011-06-16

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 06-14-2011
CVE-2011-1279 — Microsoft Excel vulnerability | cvebase