CVE-2012-1847

2012-05-0900:55:01

CWE-264

[email protected]

web.nvd.nist.gov

138

microsoft excel

office

remote code execution

cve-2012-1847

security vulnerability

spreadsheet

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.932 High

EPSS

Percentile

99.1%

JSON

Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka “Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2003sp3

microsoftexcelMatch2007sp2

microsoftexcelMatch2007sp3

microsoftexcelMatch2010

microsoftexcelMatch2010sp1

microsoftexcel_viewer

microsoftofficeMatch2008

microsoftofficeMatch2011mac

microsoftoffice_compatibility_packsp2

microsoftoffice_compatibility_packsp3

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2003
microsoft:excelmicrosoft exceleq2007
microsoft:excelmicrosoft exceleq2010
microsoft:excel_viewermicrosoft excel viewereq*
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2011
microsoft:office_compatibility_packmicrosoft office compatibility packeq*

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2003
microsoft:excel	microsoft excel	eq	2007
microsoft:excel	microsoft excel	eq	2010
microsoft:excel_viewer	microsoft excel viewer	eq	*
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2011
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*