Added: 06/15/2011
CVE: CVE-2011-0105
BID: 47256
OSVDB: 71765
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.
Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory MS11-021 contain an improper initialization bug of a value that is used to allocate memory. If an attacker can get a target to open a specially formatted Excel document, they may be able to exploit this bug to execute arbitrary code on the targetโs system.
Apply the patch outlined in Microsoft Security Advisory MS11-021.
<http://www.microsoft.com/technet/security/Bulletin/MS11-021.mspx>
<http://secunia.com/advisories/39122>
This exploit has been tested against Microsoft Excel 2002 SP3 with KB2345017 running on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn), where the version of excel.exe was 10.0.6866.
Windows