CVE-2011-1275

2011-06-1620:55:02

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-1275

microsoft excel

office for mac

open xml

memory corruption

remote code execution

denial of service

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.785 High

EPSS

Percentile

98.3%

JSON

Microsoft Excel 2002 SP3; Office 2004, 2008, and 2011 for Mac; and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka “Excel Memory Heap Overwrite Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2002sp3

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftofficeMatch2011mac

microsoftopen_xml_file_format_convertermac

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2002
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2011
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2002
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2011
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*