Oval Definition:oval:org.mitre.oval:def:14738
Revision Date:2014-06-30Version:20
Title:Excel MergeCells Record Heap Overflow Vulnerability
Description:Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2012-0185
Platform(s):Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Excel Viewer
Definition Synopsis
  • Vulnerable Excel 2007 (KB2597161)
  • Microsoft Excel 2007 is installed
  • AND Excel.exe version is less than 12.0.6661.5000
  • OR Vulnerable Excel 2010 (KB2597166)
  • Microsoft Excel 2010 is installed
  • AND Excel.exe version is less than 14.0.6117.5003
  • OR Microsoft Office 2007 (KB2597969)
  • Microsoft Office 2007 SP2 is installed
  • OR Microsoft Office 2007 SP3 is installed
  • AND Graph.Exe version is less than 12.0.6658.5004
  • OR Microsoft Office 2010 (KB2553371)
  • Microsoft Office 2010 is installed
  • AND Graph.Exe is less than 14.0.6117.5003
  • OR Excel Viewer (KB2596842)
  • Microsoft Excel Viewer 2007 is installed
  • AND Xlview.exe is less than 12.0.6658.5004
  • OR Vulnerable Compatibility Pack (KB2597162)
  • Microsoft Office Compatibility Pack is installed
  • AND Excelcnv.exe version is less than 12.0.6661.5000
    • BACK