Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0980

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-0980
Last Modified 15 Jan 2013 12:00:00
Published 10 Feb 2011 02:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0980

Summary

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."

Vulnerable Systems

Application

  • Microsoft Excel 2002

  • Microsoft Excel 2003

  • Microsoft Office 2004

  • Microsoft Office 2008

  • Microsoft Open Xml File Format Converter


References

CERT - TA11-102A

MISC - http://zerodayinitiative.com/advisories/ZDI-11-040/

VUPEN - ADV-2011-0940

SECTRACK - 1025337

MS - MS11-021

SECUNIA - 43210

SECUNIA - 39122

MISC - http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft

Related Patches

MS11-021 Security Update for Microsoft Excel 2010, 32-Bit Edition (KB2466146)

MS11-021 Security Update for Microsoft Excel 2010, 64-Bit Edition (KB2466146)

MS11-021 2489279 2466158 Security Update for Microsoft Office Excel Viewer 2007 (All Languages)


Last Updated: 27 May 2016 11:01:38