Lucene search
OmairZDI-11-281HistoryOct 13, 2011 - 12:00 a.m.
Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability
2011-10-1300:00:00
Omair
www.zerodayinitiative.com
16
EPSS
0.95
Percentile
99.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of a record inside a Microsoft Office Excel or PowerPoint document. When parsing a signed field from this structure, the application will use the field to seek into an array of objects. Due to this unbounded index, an attacker can cause an element outside the array to be treated as a different type. This type of corruption can lead to code execution under the context of the application.
Related
prion
prion
Out-of-bounds
2011-09-15 12:26:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel MS-OGRAPH Code Execution (MS11-072; CVE-2011-1990)
2011-09-13 00:00:00
symantec
symantec
nvd
nvd
CVE-2011-1990
2011-09-15 12:26:48
cve
cve
CVE-2011-1990
2011-09-15 12:26:48
cvelist
cvelist
CVE-2011-1990
2011-09-15 10:00:00
nessus
nessus
openvas
openvas
Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
2011-09-14 00:00:00
Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
2011-09-14 00:00:00
mskb
mskb
securityvulns
securityvulns
Microsoft Office multiple security vulnerabilities
2011-09-20 00:00:00