Executive Summary

Informations
Name CVE-2011-1986 First vendor Publication 2011-09-15
Vendor Cve Last vendor Modification 2018-10-12

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1986

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12345
 
Oval ID: oval:org.mitre.oval:def:12345
Title: Excel Use after Free WriteAV Vulnerability
Description: Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1986
 Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s): Microsoft Excel 2003
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2011-09-14 Name : Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
File : nvt/secpod_ms11-072.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
75383 Microsoft Office Excel Unspecified Use-after-free Memory Dereference Excel Fi...

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-09-15 IAVM : 2011-A-0124 - Multiple Vulnerabilities in Microsoft Office Excel
Severity : Category II - VMSKEY : V0030245

Snort® IPS/IDS

Date Description
2019-04-23 Microsoft Office Excel conditional code execution attempt
RuleID : 49501 - Revision : 1 - Type : FILE-OFFICE
2019-04-23 Microsoft Office Excel conditional code execution attempt
RuleID : 49500 - Revision : 1 - Type : FILE-OFFICE
2014-12-09 Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt
RuleID : 32377 - Revision : 4 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Excel invalid Lbl record attempt
RuleID : 31579 - Revision : 3 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Excel malformed chart arbitrary code execution attempt
RuleID : 31441 - Revision : 2 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel ShrFmla record use after free attempt
RuleID : 28137 - Revision : 6 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel invalid Lbl record
RuleID : 23533 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel invalid Lbl record
RuleID : 23532 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel invalid Lbl record
RuleID : 23531 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt
RuleID : 20128 - Revision : 20 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel Conditional Formatting record vulnerability
RuleID : 20127 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel invalid Lbl record
RuleID : 20126 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel invalid Lbl record
RuleID : 20125 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel invalid Lbl record attempt
RuleID : 20124 - Revision : 17 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel ShrFmla record use after free attempt
RuleID : 20123 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel invalid AxisParent record
RuleID : 20122 - Revision : 10 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel invalid AxisParent record
RuleID : 20121 - Revision : 10 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel malformed chart arbitrary code execution attempt
RuleID : 13981 - Revision : 22 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_puppet-120411.nasl - Type : ACT_GATHER_INFO
2011-09-14 Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms11-072.nasl - Type : ACT_GATHER_INFO
2011-09-14 Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms11-072.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CERT http://www.us-cert.gov/cas/techalerts/TA11-256A.html
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11...
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2021-05-04 12:14:31
  • Multiple Updates
2021-04-22 01:15:48
  • Multiple Updates
2020-05-23 00:28:33
  • Multiple Updates
2018-10-13 05:18:32
  • Multiple Updates
2017-09-19 09:24:27
  • Multiple Updates
2016-04-26 20:46:20
  • Multiple Updates
2014-02-17 11:02:32
  • Multiple Updates
2014-01-19 21:27:51
  • Multiple Updates
2013-11-11 12:39:25
  • Multiple Updates
2013-05-10 23:00:56
  • Multiple Updates