CVE-2012-0141Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Excel

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
9.3CRITICALNVD
EPSS
61.6%
top 1.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ExcelMicrosoft Office
Timeline
PublishedMay 9
Latest updateMay 4

Description

Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/excel2003, 2007, 2010+2

🔴Vulnerability Details

2
GHSA
GHSA-6w75-qjmm-pmpf: Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not2022-05-04
CVEList
CVE-2012-0141: Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not2012-05-09

🕵️Threat Intelligence

1
Zscaler
Zscaler Protects against Microsoft's Patch Cycle | Round 9

💬Community

1
Bugzilla
CVE-2012-5531 GateIn Portal: Reflected Cross-Site Scripting (XSS)2012-11-16
CVE-2012-0141 — Microsoft Excel vulnerability | cvebase