Oval Definition:oval:org.mitre.oval:def:14789
Revision Date:2014-06-30Version:20
Title:Excel SXLI Record Memory Corruption Vulnerability
Description:Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2012-0184
Platform(s):Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Excel Viewer
Definition Synopsis
  • Vulnerable Excel 2003 (KB2597086)
  • Microsoft Excel 2003 is installed
  • AND Excel.exe version is less than 11.0.8346
  • OR Vulnerable Excel 2007 (KB2597161)
  • Microsoft Excel 2007 is installed
  • AND Excel.exe version is less than 12.0.6661.5000
  • OR Vulnerable Excel 2010 (KB2597166)
  • Microsoft Excel 2010 is installed
  • AND Excel.exe version is less than 14.0.6117.5003
  • OR Microsoft Office 2007 (KB2597969)
  • Microsoft Office 2007 SP2 is installed
  • OR Microsoft Office 2007 SP3 is installed
  • AND Graph.Exe version is less than 12.0.6658.5004
  • OR Microsoft Office 2010 (KB2553371)
  • Microsoft Office 2010 is installed
  • AND Graph.Exe is less than 14.0.6117.5003
  • OR Excel Viewer (KB2596842)
  • Microsoft Excel Viewer 2007 is installed
  • AND Xlview.exe is less than 12.0.6658.5004
  • OR Vulnerable Compatibility Pack (KB2597162)
  • Microsoft Office Compatibility Pack is installed
  • AND Excelcnv.exe version is less than 12.0.6661.5000
    • BACK