CVE-2011-1276 – Excel - SLYK Format Parsing Buffer Overrun (PoC)
https://notcve.org/view.php?id=CVE-2011-1276
Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka "Excel Buffer Overrun Vulnerability." Desbordamiento de búfer en Microsoft Excel 2002 SP3, 2003 SP3 y SP2 2007, Office 2004 y 2008 para Mac, Open XML Format Converter para Mac, Excel Viewer Service Pack 2, y el paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección mediante a través de una hoja de cálculo Excel manipulada,ralacionado con la validación incorrecta de la información almacenada tambien conocida como "Vulnerabilidad de saturación de búfer en Excel". • https://www.exploit-db.com/exploits/17643 http://osvdb.org/72924 http://securityreason.com/securityalert/8330 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1279
https://notcve.org/view.php?id=CVE-2011-1279
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability." Microsoft Excel 2002 SP3 y 2003 SP3; Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac no validan adecuadamente la información de los registros durante el parseo de las hojas de cálculo Excel, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de una hoja de cálculo manipulada. • http://www.securityfocus.com/bid/48164 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 https://exchange.xforce.ibmcloud.com/vulnerabilities/67717 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12373 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0104 – Microsoft Excel - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-0104
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability." Excel 2002 SP3 y 2003 SP3, Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac, de Microsoft, permiten a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de un registro HLink en un archivo Excel, también se conoce como "Excel Buffer Overwrite Vulnerability." • https://www.exploit-db.com/exploits/35573 https://github.com/Sunqiz/CVE-2011-0104-reproduction http://osvdb.org/71761 http://secunia.com/advisories/39122 http://www.checkpoint.com/defense/advisories/public/2011/cpai-31-Mard.html http://www.securityfocus.com/bid/47245 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 https://docs.microsoft.com/en-us/security-updates/securitybulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0098
https://notcve.org/view.php?id=CVE-2011-0098
Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka "Excel Heap Overflow Vulnerability." Un error en la propiedad signedness de un entero en Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats SP2, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo XLS con un gran tamaño de registro, también se conoce como "Excel Heap Overflow Vulnerability." • http://osvdb.org/71759 http://secunia.com/advisories/39122 http://secunia.com/secunia_research/2011-32 http://www.securityfocus.com/bid/47235 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034 • CWE-189: Numeric Errors •
CVE-2011-0103
https://notcve.org/view.php?id=CVE-2011-0103
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability." Microsoft Excel 2002 SP3 y 2003 SP3, Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de información manipulada del registro en un archivo Excel, también conocido como "Excel Memory Corruption Vulnerability." • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=901 http://osvdb.org/71760 http://secunia.com/advisories/39122 http://www.securityfocus.com/bid/47244 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12616 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •