Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0978

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-0978
Last Modified 15 Jan 2013 12:00:00
Published 10 Feb 2011 02:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0978

Summary

Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."

Vulnerable Systems

Application

  • Microsoft Excel

  • Microsoft Excel 2002

  • Microsoft Excel 2003

  • Microsoft Excel 2007

  • Microsoft Excel Viewer -

  • Microsoft Office 2004

  • Microsoft Office Compatibility Pack 2007


References

CERT - TA11-102A

MISC - http://zerodayinitiative.com/advisories/ZDI-11-042/

VUPEN - ADV-2011-0940

SECTRACK - 1025337

MS - MS11-021

SREASON - 8231

SECUNIA - 43232

SECUNIA - 39122

MISC - http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft

Related Patches

MS11-021 Security Update for Microsoft Excel 2010, 32-Bit Edition (KB2466146)

MS11-021 Security Update for Microsoft Excel 2010, 64-Bit Edition (KB2466146)

MS11-021 2489279 2466158 Security Update for Microsoft Office Excel Viewer 2007 (All Languages)


Last Updated: 27 May 2016 11:01:38