CVE-2012-0185Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Excel

CWE-2645 documents5 sources
Severity
9.3CRITICALNVD
EPSS
64.7%
top 1.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Excel
Timeline
PublishedMay 9
Latest updateMay 4

Description

Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/excel2007, 2010+1

🔴Vulnerability Details

2
GHSA
GHSA-wxxw-5gg6-m36h: Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows r2022-05-04
CVEList
CVE-2012-0185: Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows r2012-05-09

🔍Detection Rules

1
Suricata
ET WEB_CLIENT Microsoft Excel file download - SET 12012-05-10

🕵️Threat Intelligence

1
Zscaler
Zscaler Protects against Microsoft's Patch Cycle | Round 9
CVE-2012-0185 — Microsoft Excel vulnerability | cvebase