CVSS: 9.3EPSS: 93%CPEs: 11EXPL: 0CVE-2011-1273
https://notcve.org/view.php?id=CVE-2011-1273
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Improper Record Parsing Vulnerability." Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004, 2008, y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2 no valida adecuadamente información gravada durante el parseo de las hojas de cálculo en Excel, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de hojas de cálculo, también conocido como "Excel Improper Record Parsing Vulnerability." • http://osvdb.org/72921 http://secunia.com/advisories/44931 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12354 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 10EXPL: 0CVE-2011-0098
https://notcve.org/view.php?id=CVE-2011-0098
Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka "Excel Heap Overflow Vulnerability." Un error en la propiedad signedness de un entero en Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats SP2, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo XLS con un gran tamaño de registro, también se conoce como "Excel Heap Overflow Vulnerability." • http://osvdb.org/71759 http://secunia.com/advisories/39122 http://secunia.com/secunia_research/2011-32 http://www.securityfocus.com/bid/47235 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 96%CPEs: 10EXPL: 0CVE-2011-0097
https://notcve.org/view.php?id=CVE-2011-0097
Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka "Excel Integer Overrun Vulnerability." Un desbordamiento de enteros en Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2, de Microsoft , permite a los atacantes remotos ejecutar código arbitrario por medio de una subcorriente 400h diseñada en un archivo de Excel, que desencadena un desbordamiento de búfer en la región stack de la memoria, también se conoce como "Excel Integer Overrun Vulnerability." • http://osvdb.org/71758 http://secunia.com/advisories/39122 http://secunia.com/secunia_research/2011-31 http://www.securityfocus.com/bid/47201 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 84%CPEs: 11EXPL: 0CVE-2011-0979 – Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0979
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability." Excel 2002 SP3, 2003 SP3, 2007 SP2 y 2010; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; y Excel Viewer SP2 de Microsoft, no maneja apropiadamente los errores durante el análisis de registros Art de Office en hojas de cálculo de Excel, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de un registro de objeto malformado, relacionado con una "stray reference", también se conoce como "Excel Linked List Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the application parses an Office Art record within a Microsoft Excel Document. Specifically, when parsing an office art object record, if an error occurs, the application will add a stray reference to an element which is part of a linked list. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft http://osvdb.org/70904 http://secunia.com/advisories/39122 http://secunia.com/advisories/43231 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 http://zerodayinitiative.com/advisories/ZDI-11-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository&#x • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 31%CPEs: 8EXPL: 0CVE-2007-3890
https://notcve.org/view.php?id=CVE-2007-3890
Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. Microsoft Excel en Office 2000 SP3, Office XP SP3, Office 2003 SP2, y Office 2004 para Mac permite a atacantes remotos ejecutar código de su elección mediante un Espacio de Trabajo (Workspace) con un determinado valor de índice que dispara una corrupción de memoria. • http://secunia.com/advisories/26145 http://www.securityfocus.com/bid/25280 http://www.securitytracker.com/id?1018561 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2868 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2149 •