CVE-2011-1987

Executive Summary

Informations
Name	CVE-2011-1987	First vendor Publication	2011-09-15
Vendor	Cve	Last vendor Modification	2012-01-26

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1987

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12953

Oval ID:	oval:org.mitre.oval:def:12953
Title:	Excel Out of Bounds Array Indexing Vulnerability
Description:	Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1987	Version:	7
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Excel 2003 Microsoft Excel 2010 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack
Definition Synopsis:
Vulnerable Excel 2003 (KB2553072) Microsoft Excel 2003 is installed AND Excel.exe version is less than 11.0.8341.0 OR Vulnerable Excel 2007 (KB2553073) Microsoft Excel 2007 is installed AND Excel.exe version is less than 12.0.6565.5003 OR Microsoft Office 2007 (KB2553089) Microsoft Office 2007 is installed AND Oart.dll version is less than 12.0.6565.5000 OR Microsoft Office 2007 (KB2553090) Microsoft Office 2007 is installed AND Oartconv.dll version is less than 12.0.6565.5000 OR Vulnerable Excel 2010 (KB2553070) Microsoft Excel 2010 is installed AND Excel.exe version is less than 14.0.6106.5005 OR Microsoft Office 2010 (KB2553091) Microsoft Office 2010 is installed AND Oart.dll is less than 14.0.6106.5005 OR Microsoft Office 2010 (KB2553096) Microsoft Office 2010 is installed AND Oartconv.dll is less than 14.0.6106.5005 OR Excel Viewer (KB2553075) Microsoft Excel Viewer 2007 is installed AND Xlview.exe is less than 12.0.6565.5000 OR Vulnerable Compatibility Pack, Office 2007 (KB2553074) Compatibility Pack or Office 2007 Microsoft Office Compatibility Pack is installed AND Microsoft Office 2007 is installed AND Excelcnv.exe version is less than 12.0.6565.5003

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Excel cpe:/a:microsoft:excel:2010::x32 cpe:/a:microsoft:excel:2010::x64 cpe:/a:microsoft:excel:2010:sp1:x64 cpe:/a:microsoft:excel:2010:sp1:x32 cpe:/a:microsoft:excel:2007:sp2 cpe:/a:microsoft:excel:2003:sp3	6
Application	Microsoft Excel Viewer cpe:/a:microsoft:excel_viewer::sp2	1
Application	Microsoft Office cpe:/a:microsoft:office:2011::mac cpe:/a:microsoft:office:2010::x64 cpe:/a:microsoft:office:2010:sp1:x32 cpe:/a:microsoft:office:2010::x32 cpe:/a:microsoft:office:2010:sp1:x64 cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office:2007:sp2 cpe:/a:microsoft:office:2004::mac	8
Application	Microsoft Office Compatibility Pack cpe:/a:microsoft:office_compatibility_pack:2007:sp2	1
Application	Microsoft Open Xml File Format Converter cpe:/a:microsoft:open_xml_file_format_converter:::mac	1

Open Source Vulnerability Database (OSVDB)

id	Description
75384	Microsoft Office Excel Unspecified Array-Indexing Weakness Excel File Handlin...

Internal Sources (Detail)

Source	Url
CERT	http://www.us-cert.gov/cas/techalerts/TA11-256A.html
MS	http://technet.microsoft.com/en-us/security/bulletin/MS11-072

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:00:57	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	17
osvdb(s)	1

Related	Severity
TA11-256A	(Critical)
MS11-096	(Critical)
MS11-072	(Critical)

Same Subject	Severity
Login to view 20 more Alert(s)

CVE-2011-1987

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU