cvelistv5 - cve-2011-0097

CVE-2011-0097 (GCVE-0-2011-0097)

Vulnerability from cvelistv5 – Published: 2011-04-13 18:00 – Updated: 2024-08-06 21:43

Summary

Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka "Excel Integer Overrun Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/39122	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/secunia_research/2011-31	x_refsource_MISC
	http://osvdb.org/71758	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id?1025337	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/47201	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2011/0940	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:43:14.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA11-102A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
          },
          {
            "name": "39122",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39122"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2011-31"
          },
          {
            "name": "71758",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/71758"
          },
          {
            "name": "1025337",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025337"
          },
          {
            "name": "MS11-021",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
          },
          {
            "name": "oval:org.mitre.oval:def:12612",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
          },
          {
            "name": "47201",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47201"
          },
          {
            "name": "ADV-2011-0940",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0940"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA11-102A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
        },
        {
          "name": "39122",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39122"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2011-31"
        },
        {
          "name": "71758",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/71758"
        },
        {
          "name": "1025337",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025337"
        },
        {
          "name": "MS11-021",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
        },
        {
          "name": "oval:org.mitre.oval:def:12612",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
        },
        {
          "name": "47201",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47201"
        },
        {
          "name": "ADV-2011-0940",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0940"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-0097",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA11-102A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
            },
            {
              "name": "39122",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39122"
            },
            {
              "name": "http://secunia.com/secunia_research/2011-31",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2011-31"
            },
            {
              "name": "71758",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/71758"
            },
            {
              "name": "1025337",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025337"
            },
            {
              "name": "MS11-021",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
            },
            {
              "name": "oval:org.mitre.oval:def:12612",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
            },
            {
              "name": "47201",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47201"
            },
            {
              "name": "ADV-2011-0940",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0940"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-0097",
    "datePublished": "2011-04-13T18:00:00",
    "dateReserved": "2010-12-21T00:00:00",
    "dateUpdated": "2024-08-06T21:43:14.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:-:-:x64:*:*:*:*:*\", \"matchCriteriaId\": \"A7870548-E23F-469A-B205-BB30E49718B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"896E23B1-AB34-43FF-96F3-BA6ED7F162AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"273729C3-56BF-454A-8697-473094EA828F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98BF87B2-CE8F-4977-9436-9BE5821CF1B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel_viewer:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AEBCD21-942F-44A9-B77E-8FC944F969F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"5BA91840-371C-4282-9F7F-B393F785D260\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4B44889-AEEB-4713-A047-C27B802DB257\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"3807A4E4-EB58-47B6-AD98-6ED464DEBA4E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \\\"Excel Integer Overrun Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de enteros en Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2, de Microsoft , permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de una subcorriente 400h dise\\u00f1ada en un archivo de Excel, que desencadena un desbordamiento de b\\u00fafer en la regi\\u00f3n stack de la memoria, tambi\\u00e9n se conoce como \\\"Excel Integer Overrun Vulnerability.\\\"\"}]",
      "id": "CVE-2011-0097",
      "lastModified": "2024-11-21T01:23:19.410",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-04-13T18:55:01.080",
      "references": "[{\"url\": \"http://osvdb.org/71758\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/39122\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/secunia_research/2011-31\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/47201\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025337\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0940\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://osvdb.org/71758\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/39122\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/secunia_research/2011-31\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/47201\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025337\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0940\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0097\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2011-04-13T18:55:01.080\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \\\"Excel Integer Overrun Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de enteros en Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2, de Microsoft , permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una subcorriente 400h dise\u00f1ada en un archivo de Excel, que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria, tambi\u00e9n se conoce como \\\"Excel Integer Overrun Vulnerability.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:-:-:x64:*:*:*:*:*\",\"matchCriteriaId\":\"A7870548-E23F-469A-B205-BB30E49718B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"896E23B1-AB34-43FF-96F3-BA6ED7F162AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"273729C3-56BF-454A-8697-473094EA828F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98BF87B2-CE8F-4977-9436-9BE5821CF1B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AEBCD21-942F-44A9-B77E-8FC944F969F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"5BA91840-371C-4282-9F7F-B393F785D260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B44889-AEEB-4713-A047-C27B802DB257\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"3807A4E4-EB58-47B6-AD98-6ED464DEBA4E\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/71758\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/39122\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2011-31\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/47201\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1025337\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0940\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/71758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39122\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2011-31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/47201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0940\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2011-0097

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-0097

Aliases

CVE-2011-0097

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0097",
    "description": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\"",
    "id": "GSD-2011-0097"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0097"
      ],
      "details": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\"",
      "id": "GSD-2011-0097",
      "modified": "2023-12-13T01:19:03.939418Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2011-0097",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "TA11-102A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
          },
          {
            "name": "39122",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39122"
          },
          {
            "name": "http://secunia.com/secunia_research/2011-31",
            "refsource": "MISC",
            "url": "http://secunia.com/secunia_research/2011-31"
          },
          {
            "name": "71758",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/71758"
          },
          {
            "name": "1025337",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025337"
          },
          {
            "name": "MS11-021",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
          },
          {
            "name": "oval:org.mitre.oval:def:12612",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
          },
          {
            "name": "47201",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/47201"
          },
          {
            "name": "ADV-2011-0940",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0940"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_viewer:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:-:-:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-0097"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1025337",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025337"
            },
            {
              "name": "71758",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/71758"
            },
            {
              "name": "http://secunia.com/secunia_research/2011-31",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/secunia_research/2011-31"
            },
            {
              "name": "ADV-2011-0940",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0940"
            },
            {
              "name": "39122",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/39122"
            },
            {
              "name": "47201",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/47201"
            },
            {
              "name": "TA11-102A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12612",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
            },
            {
              "name": "MS11-021",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:59Z",
      "publishedDate": "2011-04-13T18:55Z"
    }
  }
}

FKIE_CVE-2011-0097

Vulnerability from fkie_nvd - Published: 2011-04-13 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://osvdb.org/71758
secure@microsoft.com	http://secunia.com/advisories/39122	Vendor Advisory
secure@microsoft.com	http://secunia.com/secunia_research/2011-31	Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/47201
secure@microsoft.com	http://www.securitytracker.com/id?1025337
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2011/0940	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/71758
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39122	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2011-31	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47201
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025337
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0940	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612

Impacted products

Vendor	Product	Version
microsoft	excel	-
microsoft	excel	2002
microsoft	excel	2003
microsoft	excel	2007
microsoft	excel	2010
microsoft	excel_viewer	-
microsoft	office	2004
microsoft	office	2008
microsoft	office_compatibility_pack	2007
microsoft	open_xml_file_format_converter	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:-:-:x64:*:*:*:*:*",
              "matchCriteriaId": "A7870548-E23F-469A-B205-BB30E49718B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9AEBCD21-942F-44A9-B77E-8FC944F969F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de enteros en Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2, de Microsoft , permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una subcorriente 400h dise\u00f1ada en un archivo de Excel, que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria, tambi\u00e9n se conoce como \"Excel Integer Overrun Vulnerability.\""
    }
  ],
  "id": "CVE-2011-0097",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-04-13T18:55:01.080",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/71758"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39122"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-31"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/47201"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025337"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0940"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/71758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-RWHW-8CJM-HQ34

Vulnerability from github – Published: 2022-05-14 02:36 – Updated: 2022-05-14 02:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0097"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-04-13T18:55:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\"",
  "id": "GHSA-rwhw-8cjm-hq34",
  "modified": "2022-05-14T02:36:06Z",
  "published": "2022-05-14T02:36:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0097"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/71758"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39122"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2011-31"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47201"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025337"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0940"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-204

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités présentes dans Microsoft Excel permettent à un utilisateur distant malintentionné de provoquer un déni de service ou d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités sont présentes dans le tableur Microsoft Excel. Elles permettent à un utilisateur distant malintentionné de provoquer un déni de service ou d'exécuter du code arbitraire à distance via un fichier xls construit de façon particulière.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office 2010 (édition 32-bit) ;
Microsoft	Office	Microsoft Office 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office XP Service Pack 3 ;
Microsoft	N/A	Microsoft Excel 2010 (édition 64-bit) ;
Microsoft	N/A	Microsoft Excel 2002 Service Pack 3 ;
Microsoft	N/A	Microsoft Excel 2007 Service Pack 2 ;
Microsoft	N/A	Microsoft Excel 2010 (édition 32-bit) ;
Microsoft	Office	Microsoft Office pour Mac 2011 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 3 ;
Microsoft	N/A	Microsoft Excel 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office Compatibility Pack pour les fichiers au format Word, Excel, et PowerPoint 2007 Service Pack 2.
Microsoft	Office	Microsoft Office 2008 pour Mac ;
Microsoft	Office	Microsoft Office 2010 (édition 64-bit) ;
Microsoft	N/A	Microsoft Excel Viewer Service Pack 2 ;
Microsoft	Office	Microsoft Office pour Mac ;
Microsoft	N/A	Convertisseur de fichiers Open XML pour Mac ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-021 du 12 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2010 (\u00e9dition 32-bit) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2010 (\u00e9dition 64-bit) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2002 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2007 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2010 (\u00e9dition 32-bit) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Mac 2011 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2003 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack pour les fichiers au format Word, Excel, et PowerPoint 2007 Service Pack 2.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 (\u00e9dition 64-bit) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel Viewer Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Convertisseur de fichiers Open XML pour Mac ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans le tableur Microsoft Excel.\nElles permettent \u00e0 un utilisateur distant malintentionn\u00e9 de provoquer un\nd\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance via un\nfichier xls construit de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0101"
    },
    {
      "name": "CVE-2011-0980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0980"
    },
    {
      "name": "CVE-2011-0103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0103"
    },
    {
      "name": "CVE-2011-0978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0978"
    },
    {
      "name": "CVE-2011-0979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0979"
    },
    {
      "name": "CVE-2011-0105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0105"
    },
    {
      "name": "CVE-2011-0104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0104"
    },
    {
      "name": "CVE-2011-0098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0098"
    },
    {
      "name": "CVE-2011-0097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0097"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-204",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Microsoft Excel permettent \u00e0 un\nutilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-021 du 12 avril 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-021.mspx"
    }
  ]
}

CERTA-2011-AVI-204

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités présentes dans Microsoft Excel permettent à un utilisateur distant malintentionné de provoquer un déni de service ou d'exécuter du code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office 2010 (édition 32-bit) ;
Microsoft	Office	Microsoft Office 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office XP Service Pack 3 ;
Microsoft	N/A	Microsoft Excel 2010 (édition 64-bit) ;
Microsoft	N/A	Microsoft Excel 2002 Service Pack 3 ;
Microsoft	N/A	Microsoft Excel 2007 Service Pack 2 ;
Microsoft	N/A	Microsoft Excel 2010 (édition 32-bit) ;
Microsoft	Office	Microsoft Office pour Mac 2011 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 3 ;
Microsoft	N/A	Microsoft Excel 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office Compatibility Pack pour les fichiers au format Word, Excel, et PowerPoint 2007 Service Pack 2.
Microsoft	Office	Microsoft Office 2008 pour Mac ;
Microsoft	Office	Microsoft Office 2010 (édition 64-bit) ;
Microsoft	N/A	Microsoft Excel Viewer Service Pack 2 ;
Microsoft	Office	Microsoft Office pour Mac ;
Microsoft	N/A	Convertisseur de fichiers Open XML pour Mac ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-021 du 12 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2010 (\u00e9dition 32-bit) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2010 (\u00e9dition 64-bit) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2002 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2007 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2010 (\u00e9dition 32-bit) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Mac 2011 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2003 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack pour les fichiers au format Word, Excel, et PowerPoint 2007 Service Pack 2.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 (\u00e9dition 64-bit) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel Viewer Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Convertisseur de fichiers Open XML pour Mac ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans le tableur Microsoft Excel.\nElles permettent \u00e0 un utilisateur distant malintentionn\u00e9 de provoquer un\nd\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance via un\nfichier xls construit de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0101"
    },
    {
      "name": "CVE-2011-0980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0980"
    },
    {
      "name": "CVE-2011-0103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0103"
    },
    {
      "name": "CVE-2011-0978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0978"
    },
    {
      "name": "CVE-2011-0979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0979"
    },
    {
      "name": "CVE-2011-0105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0105"
    },
    {
      "name": "CVE-2011-0104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0104"
    },
    {
      "name": "CVE-2011-0098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0098"
    },
    {
      "name": "CVE-2011-0097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0097"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-204",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Microsoft Excel permettent \u00e0 un\nutilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-021 du 12 avril 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-021.mspx"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-0097 (GCVE-0-2011-0097)

GSD-2011-0097

FKIE_CVE-2011-0097

GHSA-RWHW-8CJM-HQ34

CERTA-2011-AVI-204

Description

Solution

CERTA-2011-AVI-204

Description

Solution

Tags

Sightings

Nomenclature