| Vulnerability Name: | CVE-2011-1273 (CCN-67711) | ||||||||
| Assigned: | 2011-06-14 | ||||||||
| Published: | 2011-06-14 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Improper Record Parsing Vulnerability." | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2011-1273 Source: OSVDB Type: UNKNOWN 72921 Source: CCN Type: SA44901 Microsoft Office Excel Multiple Vulnerabilities Source: CCN Type: SA44931 Microsoft Office Excel Unspecified Record Parsing Vulnerability Source: SECUNIA Type: UNKNOWN 44931 Source: CCN Type: SA44933 Microsoft Office for Mac Two Unspecified Vulnerabilities Source: CCN Type: Microsoft Security Bulletin MS11-096 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) Source: CCN Type: Microsoft Security Bulletin MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) Source: CCN Type: Microsoft Security Bulletin MS14-083 Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347) Source: CCN Type: Microsoft Security Bulletin MS16-054 Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-070 Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088 Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-099 Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-121 Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-133 Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-148 Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS17-002 Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014 Security Update for Microsoft Office (4013241) Source: CCN Type: Microsoft Security Bulletin MS11-045 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) Source: CCN Type: Microsoft Security Bulletin MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) Source: CCN Type: OSVDB ID: 72921 Microsoft Office Excel Improper Record Parsing Unspecified Arbitrary Code Execution Source: CCN Type: BID-48158 Microsoft Improper Record Parsing CVE-2011-1273 Remote Code Execution Vulnerability Source: MS Type: UNKNOWN MS11-045 Source: XF Type: UNKNOWN excel-info-code-execution(67711) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:12354 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||