Executive Summary

Summary
TitleVulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
Informations
NameMS11-096First vendor Publication2011-12-13
VendorMicrosoftLast vendor Modification2011-12-21
Severity (Vendor) ImportantRevision 1.1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important

Revision Note: V1.1 (December 21, 2011): Added Microsoft Office Compatibility Pack Service Pack 3 to the Non-Affected Software table. This is an informational change only. There were no changes to the detection logic or the update files.

Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-096

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-94Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12345
 
Oval ID: oval:org.mitre.oval:def:12345
Title: Excel Use after Free WriteAV Vulnerability
Description: Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1986
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Excel 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12953
 
Oval ID: oval:org.mitre.oval:def:12953
Title: Excel Out of Bounds Array Indexing Vulnerability
Description: Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1987
Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Excel 2003
Microsoft Excel 2010
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14702
 
Oval ID: oval:org.mitre.oval:def:14702
Title: Record Memory Corruption Vulnerability
Description: Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3403
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Excel 2003
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application6
Application1
Application8
Application1
Application1

OpenVAS Exploits

DateDescription
2011-12-14Name : Microsoft Office Excel Remote Code Execution Vulnerability (2640241)
File : nvt/secpod_ms11-096.nasl
2011-09-14Name : Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
File : nvt/secpod_ms11-072.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
77661Microsoft Office Excel Record Parsing Object Handling Remote Memory Corruption
75384Microsoft Office Excel Unspecified Array-Indexing Weakness Excel File Handlin...
75383Microsoft Office Excel Unspecified Use-after-free Memory Dereference Excel Fi...

Information Assurance Vulnerability Management (IAVM)

DateDescription
2011-09-15IAVM : 2011-A-0124 - Multiple Vulnerabilities in Microsoft Office Excel
Severity : Category II - VMSKEY : V0030245

Snort® IPS/IDS

DateDescription
2014-11-16Microsoft Office Excel malformed chart arbitrary code execution attempt
RuleID : 31441 - Revision : 1 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel ShrFmla record use after free attempt
RuleID : 28137 - Revision : 3 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel Lel record memory corruption attempt
RuleID : 21422 - Revision : 6 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel Lel record memory corruption attempt
RuleID : 20718 - Revision : 10 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel ShrFmla record use after free attempt
RuleID : 20123 - Revision : 12 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel invalid AxisParent record
RuleID : 20122 - Revision : 10 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel invalid AxisParent record
RuleID : 20121 - Revision : 10 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel malformed chart arbitrary code execution attempt
RuleID : 13981 - Revision : 18 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

DateDescription
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_puppet-120411.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms11-096.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : macosx_ms_office_dec2011.nasl - Type : ACT_GATHER_INFO
2011-09-14Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms11-072.nasl - Type : ACT_GATHER_INFO
2011-09-14Name : Arbitrary code can be executed on the remote host through Microsoft Excel.
File : macosx_ms11-072.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 11:47:11
  • Multiple Updates
2014-01-19 21:30:46
  • Multiple Updates
2013-01-30 13:26:55
  • Multiple Updates