CVE-2011-1273
https://notcve.org/view.php?id=CVE-2011-1273
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Improper Record Parsing Vulnerability."
• http://osvdb.org/72921
• http://secunia.com/advisories/44931
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12354
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0979 – Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0979
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the application parses an Office Art record within a Microsoft Excel Document. Specifically, when parsing an office art object record, if an error occurs, the application will add a stray reference to an element which is part of a linked list.
• http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft
• http://osvdb.org/70904
• http://secunia.com/advisories/39122
• http://secunia.com/advisories/43231
• http://www.securitytracker.com/id?1025337
• http://www.us-cert.gov/cas/techalerts/TA11-102A.html
• http://www.vupen.com/english/advisories/2011/0940
• http://zerodayinitiative.com/advisories/ZDI-11-041
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021
• https://oval.cisecurity.org/repository
• CWE-20: Improper Input Validation
CVE-2007-3890
https://notcve.org/view.php?id=CVE-2007-3890
Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
• http://secunia.com/advisories/26145
• http://www.securityfocus.com/bid/25280
• http://www.securitytracker.com/id?1018561
• http://www.us-cert.gov/cas/techalerts/TA07-226A.html
• http://www.vupen.com/english/advisories/2007/2868
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-044
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2149
CVE-2006-3875
https://notcve.org/view.php?id=CVE-2006-3875
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
• http://securitytracker.com/id?1017031
• http://www.kb.cert.org/vuls/id/252500
• http://www.securityfocus.com/archive/1/449179/100/0/threaded
• http://www.securityfocus.com/bid/20391
• http://www.vupen.com/english/advisories/2006/3978
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A486
CVE-2006-3867
https://notcve.org/view.php?id=CVE-2006-3867
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
• http://securitytracker.com/id?1017031
• http://www.kb.cert.org/vuls/id/821772
• http://www.securityfocus.com/archive/1/449179/100/0/threaded
• http://www.securityfocus.com/bid/20345
• http://www.vupen.com/english/advisories/2006/3978
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A481