Executive Summary

Informations
Name	CVE-2011-1986	First vendor Publication	2011-09-15
Vendor	Cve	Last vendor Modification	2012-01-26

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1986

CWE : Common Weakness Enumeration

id	Name
CWE-399	Resource Management Errors

OVAL Definitions

 

Definition Id: oval:org.mitre.oval:def:12345
Oval ID:	oval:org.mitre.oval:def:12345
Title:	Excel Use after Free WriteAV Vulnerability
Description:	Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1986	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Excel 2003
Definition Synopsis:
Microsoft Excel 2003 is installed AND Excel.exe version is less than 11.0.8341.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Excel cpe:/a:microsoft:excel:2003:sp3	1

Open Source Vulnerability Database (OSVDB)

id	Description
75383	Microsoft Office Excel Unspecified Use-after-free Memory Dereference Excel Fi...

Internal Sources (Detail)

Source	Url
CERT	http://www.us-cert.gov/cas/techalerts/TA11-256A.html
MS	http://technet.microsoft.com/en-us/security/bulletin/MS11-072

Alert History

Date	Informations
2013-05-10 23:00:56	Multiple Updates