CVE-2011-0978
Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."
Desbordamiento de búfer basado en pila en Microsoft Office Excel permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con un registro de propiedades de eje, y el incremento indebido de un índice de matriz.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the application's usage of a specific field used for incrementing an index used in an array. Due to the application failing to verify the usage of the index into the array, the application will copy the contents of the specified element into a statically sized buffer on the stack. This can lead to code execution under the context of the application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-02-07 CVE Published
- 2011-02-10 CVE Reserved
- 2011-04-29 First Exploit
- 2024-08-06 CVE Updated
- 2024-11-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft | X_refsource_misc | |
| http://secunia.com/advisories/39122 | Third Party Advisory | |
| http://secunia.com/advisories/43232 | Third Party Advisory | |
| http://securityreason.com/securityalert/8231 | Third Party Advisory | |
| http://www.securitytracker.com/id?1025337 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA11-102A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0940 | Vdb Entry | |
| http://zerodayinitiative.com/advisories/ZDI-11-042 | X_refsource_misc | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/17227 | 2011-04-29 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2002 Search vendor "Microsoft" for product "Excel" and version "2002" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2003 Search vendor "Microsoft" for product "Excel" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2007 Search vendor "Microsoft" for product "Excel" and version "2007" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Viewer Search vendor "Microsoft" for product "Excel Viewer" | - | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2004 Search vendor "Microsoft" for product "Office" and version "2004" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack Search vendor "Microsoft" for product "Office Compatibility Pack" | 2007 Search vendor "Microsoft" for product "Office Compatibility Pack" and version "2007" | sp2 |
Affected
| ||||||