Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1887

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-1887
Last Modified 02 Nov 2013 11:23:30
Published 13 Nov 2012 07:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1887

Summary

Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."

Vulnerable Systems

Application

  • Microsoft Excel 2003

  • Microsoft Excel 2007

  • Microsoft Excel 2010

  • Microsoft Office 2008

  • Microsoft Office 2011


References

MS - MS12-076

CERT - TA12-318A

XF - microsoft-excel-ssl-code-exec(78074)

BID - 56430

SECTRACK - 1027752

Related Patches

MS12-076 2720184 2764048 Microsoft Office 2008 for Mac Update 12.3.5 (Rev 2)

MS12-076 2720184 2764047 Microsoft Office 2011 for Mac Update 14.2.5 (Rev 2)

MS12-076 Security Update for Microsoft Excel 2010 32-Bit Edition (KB2597126) (See Notes)


Last Updated: 27 May 2016 10:58:27