CVE-2011-1990
Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
Microsoft Excel 2007 Service Pack 2; Excel en Office 2007 SP2, Excel Viewer SP2, Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, y Servicios de Excel en Office SharePoint Server 2007 SP2 no validan correctamente el signo de un índice no especificado de una matriz, lo que permite ejecutar código de su elección a atacantes remotos a través de una hoja de cálculo debidamente modificada. Es un problema también conocido como "Vulnerabilidad de indexación de matrices fuera de límites".
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of a record inside a Microsoft Office Excel or PowerPoint document. When parsing a signed field from this structure, the application will use the field to seek into an array of objects. Due to this unbounded index, an attacker can cause an element outside the array to be treated as a different type. This type of corruption can lead to code execution under the context of the application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-05-09 CVE Reserved
- 2011-09-15 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2007 Search vendor "Microsoft" for product "Excel" and version "2007" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Viewer Search vendor "Microsoft" for product "Excel Viewer" | * | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack Search vendor "Microsoft" for product "Office Compatibility Pack" | 2007 Search vendor "Microsoft" for product "Office Compatibility Pack" and version "2007" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2007 Search vendor "Microsoft" for product "Sharepoint Server" and version "2007" | sp2, x32 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2007 Search vendor "Microsoft" for product "Sharepoint Server" and version "2007" | sp2, x64 |
Affected
| ||||||