CVE-2011-1990

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

63.5%

top 1.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Office Microsoft Office Compatibility Pack +1 more

Timeline

PublishedSep 15

Latest updateMay 14

Description

Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/excel2007

▶NVDmicrosoft/office_compatibility_pack2007

▶NVDmicrosoft/office2007

▶NVDmicrosoft/sharepoint_server2007

🔴Vulnerability Details

GHSA

GHSA-f9f3-g4p4-q8f6: Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2;↗2022-05-14

▶

CVEList

CVE-2011-1990: Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2;↗2011-09-15

▶