Oval Definition:oval:org.mitre.oval:def:12354
Revision Date:2014-06-30Version:22
Title:Excel Improper Record Parsing Vulnerability
Description:Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Improper Record Parsing Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-1273
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2010
Microsoft Office Compatibility Pack
Microsoft Office Excel Viewer
Definition Synopsis
  • Vulnerable Excel 2002
  • Microsoft Excel 2002 is installed
  • AND Excel.exe version is less than 10.0.6871.0
  • OR Vulnerable Excel 2003
  • Microsoft Excel 2003 is installed
  • AND Excel.exe version is less than 11.0.8335.0
  • OR Vulnerable Excel 2007
  • Microsoft Excel 2007 is installed
  • AND Excel.exe version is less than 12.0.6557.5000
  • OR Vulnerable Excel 2010
  • Microsoft Excel 2010 is installed
  • AND Excel.exe version is less than 14.0.5138.5000
  • OR Vulnerable Excel Viewer 2007
  • Microsoft Excel Viewer 2007 is installed
  • AND Xlview.exe version is less than 12.0.6557.5000
  • OR Vulnerable Compatibility Pack, Office 2007
  • Compatibility Pack or Office 2007
  • Microsoft Office Compatibility Pack is installed
  • OR Microsoft Office 2007 is installed
  • AND Excelcnv.exe version is less than 12.0.6557.5000
    • BACK