CVSS: 9.3EPSS: 93%CPEs: 10EXPL: 0CVE-2012-0184
https://notcve.org/view.php?id=CVE-2012-0184
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 y 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente la memoria durante la apertura de archivos, permitiendo a atacantes remotos ejecutar código arbitrario a través de una hoja de cálculo hecha a mano, también conocido como "Vulnerabilidad de corrupción de memoria en Excel SXLI Record" • http://secunia.com/advisories/49112 http://www.securityfocus.com/bid/53375 http://www.securitytracker.com/id?1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/75117 https://oval.cisecurity.org/repository/sea • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 94%CPEs: 10EXPL: 0CVE-2012-1847 – Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1847
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 y 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente la memoria durante la apertura de archivos, permitiendo a atacantes remotos ejecutar código arbitrario a través de una hoja de cálculo manipulada, también conocido como "Error de Análisis de Registros de Excel podría permitir la ejecución remota de código." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Series records. The code within Excel.exe makes an assumption about the data types within a Series record and can be made to write beyond the bounds of a heap buffer when a specific combination of fields are set to unexpected values. • http://secunia.com/advisories/49112 http://www.securityfocus.com/bid/53379 http://www.securitytracker.com/id?1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/75119 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 95%CPEs: 7EXPL: 0CVE-2012-0185
https://notcve.org/view.php?id=CVE-2012-0185
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica en Microsoft Excel 2007 SP2 y SP3 y 2010 Gold y SP1, Excel Viewer, y Office Compatibility Pack SP2 y SP3, permite a atacantes remotos ejecutar código arbitrario a través de una hoja de cálculo manipulada que provoca el manejo incorrecto de la memoria durante su apertura, también conocido como "Excel MergeCells Record Heap Overflow Vulnerability." • http://secunia.com/advisories/49112 http://www.securitytracker.com/id?1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/75118 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 95%CPEs: 6EXPL: 0CVE-2011-1990 – Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1990
Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability." Microsoft Excel 2007 Service Pack 2; Excel en Office 2007 SP2, Excel Viewer SP2, Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, y Servicios de Excel en Office SharePoint Server 2007 SP2 no validan correctamente el signo de un índice no especificado de una matriz, lo que permite ejecutar código de su elección a atacantes remotos a través de una hoja de cálculo debidamente modificada. Es un problema también conocido como "Vulnerabilidad de indexación de matrices fuera de límites". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of a record inside a Microsoft Office Excel or PowerPoint document. • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 94%CPEs: 23EXPL: 0CVE-2011-1989 – Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2011-1989
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability." Microsoft Excel 2003 Service Pack 3 y Service Pack 2 de 2007; Excel en Office 2007 SP2, Excel 2010 Service Pack 1 Gold y SP1; Excel en Office 2010 Service Pack 1 Gold y SP1; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer Service Pack 2; Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, Servicios de Excel en Office SharePoint Server 2007 SP2, Servicios de Excel en Office SharePoint Server 2010 Gold y SP1, y Excel Web Access 2010 Gold y SP1 no analizan correctamente las expresiones condicionales asociadas con requisitos de formato, lo que permite a atacantes remotos ejecutar código de su elección a través de una hoja de cálculo debidamente modificada. Es un problema también conocido como "Vulnerabilidad de análisis de expresiones condicionales de Excel". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses expressions used for determining formatting requirements. • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974 • CWE-20: Improper Input Validation •