Lucene search

MicrosoftCVE-2011-1989

HistorySep 15, 2011 - 12:26 p.m.

CVE-2011-1989

2011-09-1512:26:48

CWE-20

microsoft

web.nvd.nist.gov

cve-2011-1989

microsoft excel

remote code execution

vulnerability

spreadsheet

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.943

Percentile

99.2%

JSON

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka “Excel Conditional Expression Parsing Vulnerability.”

Affected configurations

Nvd

Node

microsoftexcelMatch2003sp3

microsoftexcelMatch2007sp2

microsoftexcelMatch2010x32

microsoftexcelMatch2010x64

microsoftexcelMatch2010sp1x32

microsoftexcelMatch2010sp1x64

microsoftexcel_viewersp2

microsoftexcel_web_appMatch2010

microsoftexcel_web_appMatch2010sp1

microsoftofficeMatch2004mac

microsoftofficeMatch2007sp2

microsoftofficeMatch2008mac

microsoftofficeMatch2010x32

microsoftofficeMatch2010x64

microsoftofficeMatch2010sp1x32

microsoftofficeMatch2010sp1x64

microsoftofficeMatch2011mac

microsoftoffice_compatibility_packMatch2007sp2

microsoftopen_xml_file_format_convertermac

microsoftsharepoint_serverMatch2007sp2x32

microsoftsharepoint_serverMatch2007sp2x64

microsoftsharepoint_serverMatch2010

microsoftsharepoint_serverMatch2010sp1

VendorProductVersionCPE
microsoftexcel2003cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
microsoftexcel2007cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:*:x32:*:*:*:*:*
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:*:x64:*:*:*:*:*
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:sp1:x32:*:*:*:*:*
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*
microsoftexcel_viewer*cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*
microsoftexcel_web_app2010cpe:2.3:a:microsoft:excel_web_app:2010:*:*:*:*:*:*:*
microsoftexcel_web_app2010cpe:2.3:a:microsoft:excel_web_app:2010:sp1:*:*:*:*:*:*
microsoftoffice2004cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	excel	2003	cpe:2.3:a:microsoft:excel:2003:sp3::::::
microsoft	excel	2007	cpe:2.3:a:microsoft:excel:2007:sp2::::::
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010::x32:::::
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010::x64:::::
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010:sp1:x32:::::*
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010:sp1:x64:::::*
microsoft	excel_viewer	*	cpe:2.3:a:microsoft:excel_viewer::sp2::::::*
microsoft	excel_web_app	2010	cpe:2.3:a:microsoft:excel_web_app:2010:::::::*
microsoft	excel_web_app	2010	cpe:2.3:a:microsoft:excel_web_app:2010:sp1::::::
microsoft	office	2004	cpe:2.3:a:microsoft:office:2004::mac:::::