CVSS: 9.3EPSS: 86%CPEs: 11EXPL: 0CVE-2011-0979 – Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0979
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability." Excel 2002 SP3, 2003 SP3, 2007 SP2 y 2010; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; y Excel Viewer SP2 de Microsoft, no maneja apropiadamente los errores durante el análisis de registros Art de Office en hojas de cálculo de Excel, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de un registro de objeto malformado, relacionado con una "stray reference", también se conoce como "Excel Linked List Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the application parses an Office Art record within a Microsoft Excel Document. Specifically, when parsing an office art object record, if an error occurs, the application will add a stray reference to an element which is part of a linked list. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft http://osvdb.org/70904 http://secunia.com/advisories/39122 http://secunia.com/advisories/43231 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 http://zerodayinitiative.com/advisories/ZDI-11-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository&#x • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 92%CPEs: 6EXPL: 0CVE-2011-0980 – Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0980
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability." Microsoft Office Excel 2003 no parsea correctamente objetos Office Art, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con un puntero a función. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw occurs when parsing a document with a malformed Excel document. When parsing an office art object, the application will add the malformed object to a linked list. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft http://secunia.com/advisories/39122 http://secunia.com/advisories/43210 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 http://zerodayinitiative.com/advisories/ZDI-11-040 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg. • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 97%CPEs: 4EXPL: 0CVE-2010-3231
https://notcve.org/view.php?id=CVE-2010-3231
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability." Microsoft Excel 2002 SP3, Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac no valida correctamente la información de registro, lo cual permite a los atacantes remotos ejecutar código a su elección a través de documentos Excel manipulados, también conocido como "Excel Record Parsing Memory Corruption Vulnerability". • http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7475 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 88%CPEs: 3EXPL: 0CVE-2010-3238
https://notcve.org/view.php?id=CVE-2010-3238
Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability." Microsoft Excel 2002 SP3 y 2003 SP3, y Office 2004 para Mac, no valida adecuadamente la información en formato binario, lo que permite a atacantes remotos ejecutar código de su elección a través de documentos Excel manipulados, conocido como "Vulnerabilidad de Función Future negativa". • http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6872 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 88%CPEs: 1EXPL: 0CVE-2010-3235
https://notcve.org/view.php?id=CVE-2010-3235
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability." Microsoft Excel 2002 SP3 no valida adecuadamente la información, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento Excel manipulado, conocido como "Vulnerabilidad de registro Formula Biff." • http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7028 • CWE-20: Improper Input Validation •