cvelistv5 - cve-2011-1989

CVE-2011-1989 (GCVE-0-2011-1989)

Vulnerability from cvelistv5 – Published: 2011-09-15 10:00 – Updated: 2024-08-06 22:46

Summary

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA11-256A.html	third-party-advisoryx_refsource_CERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:12974",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
          },
          {
            "name": "MS11-072",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
          },
          {
            "name": "TA11-256A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:12974",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
        },
        {
          "name": "MS11-072",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
        },
        {
          "name": "TA11-256A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1989",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:12974",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
            },
            {
              "name": "MS11-072",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
            },
            {
              "name": "TA11-256A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-1989",
    "datePublished": "2011-09-15T10:00:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"273729C3-56BF-454A-8697-473094EA828F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:*:x32:*:*:*:*:*\", \"matchCriteriaId\": \"51172DC6-4217-44B9-AAA8-82B93FDBFC30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"01CBB518-3740-424F-82AD-DF6036155326\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:sp1:x32:*:*:*:*:*\", \"matchCriteriaId\": \"BE381B87-A400-4EAB-8085-CB9C34522DD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*\", \"matchCriteriaId\": \"84CD3A20-1082-4685-98B0-3492228F869E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel_web_app:2010:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EADA2495-FF61-4E02-B469-3D9E28BBD06E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel_web_app:2010:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E548F0F4-2FA3-4F47-85C7-8F9BFDE86E59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"08AF794A-435D-4171-9DBB-EB7FAED96DBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"5BA91840-371C-4282-9F7F-B393F785D260\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*\", \"matchCriteriaId\": \"9AC0BEF9-2417-48C5-BC95-F95F41F08795\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"C60D2557-347B-41BD-91D5-A51C88630B73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*\", \"matchCriteriaId\": \"C91F1A74-BE24-4EF7-8E3B-E5E6448E7E40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*\", \"matchCriteriaId\": \"8239CEF1-BD02-4ACE-A0C2-75A9EAA15914\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"0D84FC39-29AA-4EF2-ACE7-E72635126F2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4B44889-AEEB-4713-A047-C27B802DB257\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"3807A4E4-EB58-47B6-AD98-6ED464DEBA4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*\", \"matchCriteriaId\": \"586E6C37-346C-40BA-AC89-2CEB8C44E190\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"48EB5C93-55BF-4608-A9DC-EDD8DE15EE44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FA65D4A-00C8-47E2-AF9F-6B420017CD29\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \\\"Excel Conditional Expression Parsing Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Microsoft Excel 2003 Service Pack 3 y Service Pack 2 de 2007; Excel en Office 2007 SP2, Excel 2010 Service Pack 1 Gold y SP1; Excel en Office 2010 Service Pack 1 Gold y SP1; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer Service Pack 2; Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, Servicios de Excel en Office SharePoint Server 2007 SP2, Servicios de Excel en Office SharePoint Server 2010 Gold y SP1, y Excel Web Access 2010 Gold y SP1 no analizan correctamente las expresiones condicionales asociadas con requisitos de formato, lo que permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de una hoja de c\\u00e1lculo debidamente modificada. Es un problema tambi\\u00e9n conocido como \\\"Vulnerabilidad de an\\u00e1lisis de expresiones condicionales de Excel\\\".\"}]",
      "id": "CVE-2011-1989",
      "lastModified": "2024-11-21T01:27:26.483",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-09-15T12:26:48.947",
      "references": "[{\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-256A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-256A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1989\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2011-09-15T12:26:48.947\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \\\"Excel Conditional Expression Parsing Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Excel 2003 Service Pack 3 y Service Pack 2 de 2007; Excel en Office 2007 SP2, Excel 2010 Service Pack 1 Gold y SP1; Excel en Office 2010 Service Pack 1 Gold y SP1; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer Service Pack 2; Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, Servicios de Excel en Office SharePoint Server 2007 SP2, Servicios de Excel en Office SharePoint Server 2010 Gold y SP1, y Excel Web Access 2010 Gold y SP1 no analizan correctamente las expresiones condicionales asociadas con requisitos de formato, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo debidamente modificada. Es un problema tambi\u00e9n conocido como \\\"Vulnerabilidad de an\u00e1lisis de expresiones condicionales de Excel\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"273729C3-56BF-454A-8697-473094EA828F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:*:x32:*:*:*:*:*\",\"matchCriteriaId\":\"51172DC6-4217-44B9-AAA8-82B93FDBFC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"01CBB518-3740-424F-82AD-DF6036155326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:sp1:x32:*:*:*:*:*\",\"matchCriteriaId\":\"BE381B87-A400-4EAB-8085-CB9C34522DD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*\",\"matchCriteriaId\":\"84CD3A20-1082-4685-98B0-3492228F869E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_web_app:2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EADA2495-FF61-4E02-B469-3D9E28BBD06E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_web_app:2010:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E548F0F4-2FA3-4F47-85C7-8F9BFDE86E59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"08AF794A-435D-4171-9DBB-EB7FAED96DBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"5BA91840-371C-4282-9F7F-B393F785D260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*\",\"matchCriteriaId\":\"9AC0BEF9-2417-48C5-BC95-F95F41F08795\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"C60D2557-347B-41BD-91D5-A51C88630B73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*\",\"matchCriteriaId\":\"C91F1A74-BE24-4EF7-8E3B-E5E6448E7E40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*\",\"matchCriteriaId\":\"8239CEF1-BD02-4ACE-A0C2-75A9EAA15914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"0D84FC39-29AA-4EF2-ACE7-E72635126F2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B44889-AEEB-4713-A047-C27B802DB257\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"3807A4E4-EB58-47B6-AD98-6ED464DEBA4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*\",\"matchCriteriaId\":\"586E6C37-346C-40BA-AC89-2CEB8C44E190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"48EB5C93-55BF-4608-A9DC-EDD8DE15EE44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FA65D4A-00C8-47E2-AF9F-6B420017CD29\"}]}]}],\"references\":[{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-256A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-256A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2011-1989

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1989

Aliases

CVE-2011-1989

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1989",
    "description": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\"",
    "id": "GSD-2011-1989"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1989"
      ],
      "details": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\"",
      "id": "GSD-2011-1989",
      "modified": "2023-12-13T01:19:08.713434Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2011-1989",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:12974",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
          },
          {
            "name": "MS11-072",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
          },
          {
            "name": "TA11-256A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:sp1:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_web_app:2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_web_app:2010:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:*:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1989"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA11-256A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12974",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
            },
            {
              "name": "MS11-072",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T22:01Z",
      "publishedDate": "2011-09-15T12:26Z"
    }
  }
}

CERTA-2011-AVI-512

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Excel permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Cinq vulnérabilités ont été découvertes dans Microsoft Excel. Elles permettent à une personne distante malintentionnée d'exécuter du code arbitraire à distance via un fichier Excel spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2.
Microsoft	Office	Microsoft Office 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2004 for Mac ;
Microsoft	Office	Microsoft Office 2010 Service Pack 1 (64-bit editions) ;
Microsoft	Office	Microsoft Office 2008 for Mac ;
Microsoft	Office	Microsoft Office 2010 Service Pack 1 (32-bit editions) ;
Microsoft	N/A	Open XML File Format Converter for Mac ;
Microsoft	N/A	Microsoft Excel Viewer Service Pack 2 ;
Microsoft	Office	Microsoft Office 2010 (64-bit editions) ;
Microsoft	Office	Microsoft Office 2010 (32-bit editions) ;
Microsoft	Office	Microsoft Office for Mac 2011 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-072 du 13 septembre 2011	None	vendor-advisory
Bulletin de sécurité Microsoft MS11-072 du 13 septembre 2011 :	-	other
Bulletin de sécurité Microsoft MS11-072 du 13 septembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 for Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 1 (64-bit editions) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 for Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 1 (32-bit editions) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Open XML File Format Converter for Mac ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel Viewer Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 (64-bit editions) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 (32-bit editions) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office for Mac 2011 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCinq vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Excel. Elles\npermettent \u00e0 une personne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance via un fichier Excel sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1987"
    },
    {
      "name": "CVE-2011-1989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1989"
    },
    {
      "name": "CVE-2011-1986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1986"
    },
    {
      "name": "CVE-2011-1988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1988"
    },
    {
      "name": "CVE-2011-1990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1990"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-072 du 13 septembre    2011 :",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS11-072"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-072 du 13 septembre    2011 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-072.mspx"
    }
  ],
  "reference": "CERTA-2011-AVI-512",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Excel permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-072 du 13 septembre 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-512

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Excel permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2.
Microsoft	Office	Microsoft Office 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2004 for Mac ;
Microsoft	Office	Microsoft Office 2010 Service Pack 1 (64-bit editions) ;
Microsoft	Office	Microsoft Office 2008 for Mac ;
Microsoft	Office	Microsoft Office 2010 Service Pack 1 (32-bit editions) ;
Microsoft	N/A	Open XML File Format Converter for Mac ;
Microsoft	N/A	Microsoft Excel Viewer Service Pack 2 ;
Microsoft	Office	Microsoft Office 2010 (64-bit editions) ;
Microsoft	Office	Microsoft Office 2010 (32-bit editions) ;
Microsoft	Office	Microsoft Office for Mac 2011 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-072 du 13 septembre 2011	None	vendor-advisory
Bulletin de sécurité Microsoft MS11-072 du 13 septembre 2011 :	-	other
Bulletin de sécurité Microsoft MS11-072 du 13 septembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 for Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 1 (64-bit editions) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 for Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 1 (32-bit editions) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Open XML File Format Converter for Mac ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel Viewer Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 (64-bit editions) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 (32-bit editions) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office for Mac 2011 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCinq vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Excel. Elles\npermettent \u00e0 une personne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance via un fichier Excel sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1987"
    },
    {
      "name": "CVE-2011-1989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1989"
    },
    {
      "name": "CVE-2011-1986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1986"
    },
    {
      "name": "CVE-2011-1988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1988"
    },
    {
      "name": "CVE-2011-1990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1990"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-072 du 13 septembre    2011 :",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS11-072"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-072 du 13 septembre    2011 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-072.mspx"
    }
  ],
  "reference": "CERTA-2011-AVI-512",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Excel permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-072 du 13 septembre 2011",
      "url": null
    }
  ]
}

GHSA-VC7Q-73X4-CQQG

Vulnerability from github – Published: 2022-05-14 02:35 – Updated: 2022-05-14 02:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-09-15T12:26:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\"",
  "id": "GHSA-vc7q-73x4-cqqg",
  "modified": "2022-05-14T02:35:35Z",
  "published": "2022-05-14T02:35:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1989"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-1989

Vulnerability from fkie_nvd - Published: 2011-09-15 12:26 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA11-256A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA11-256A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974

Impacted products

Vendor	Product	Version
microsoft	excel	2003
microsoft	excel	2007
microsoft	excel	2010
microsoft	excel	2010
microsoft	excel	2010
microsoft	excel	2010
microsoft	excel_viewer	*
microsoft	excel_web_app	2010
microsoft	excel_web_app	2010
microsoft	office	2004
microsoft	office	2007
microsoft	office	2008
microsoft	office	2010
microsoft	office	2010
microsoft	office	2010
microsoft	office	2010
microsoft	office	2011
microsoft	office_compatibility_pack	2007
microsoft	open_xml_file_format_converter	*
microsoft	sharepoint_server	2007
microsoft	sharepoint_server	2007
microsoft	sharepoint_server	2010
microsoft	sharepoint_server	2010

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:*:x32:*:*:*:*:*",
              "matchCriteriaId": "51172DC6-4217-44B9-AAA8-82B93FDBFC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:*:x64:*:*:*:*:*",
              "matchCriteriaId": "01CBB518-3740-424F-82AD-DF6036155326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x32:*:*:*:*:*",
              "matchCriteriaId": "BE381B87-A400-4EAB-8085-CB9C34522DD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "84CD3A20-1082-4685-98B0-3492228F869E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_web_app:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADA2495-FF61-4E02-B469-3D9E28BBD06E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_web_app:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E548F0F4-2FA3-4F47-85C7-8F9BFDE86E59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9AC0BEF9-2417-48C5-BC95-F95F41F08795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*",
              "matchCriteriaId": "C60D2557-347B-41BD-91D5-A51C88630B73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*",
              "matchCriteriaId": "C91F1A74-BE24-4EF7-8E3B-E5E6448E7E40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "8239CEF1-BD02-4ACE-A0C2-75A9EAA15914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
              "matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "586E6C37-346C-40BA-AC89-2CEB8C44E190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "48EB5C93-55BF-4608-A9DC-EDD8DE15EE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Excel 2003 Service Pack 3 y Service Pack 2 de 2007; Excel en Office 2007 SP2, Excel 2010 Service Pack 1 Gold y SP1; Excel en Office 2010 Service Pack 1 Gold y SP1; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer Service Pack 2; Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, Servicios de Excel en Office SharePoint Server 2007 SP2, Servicios de Excel en Office SharePoint Server 2010 Gold y SP1, y Excel Web Access 2010 Gold y SP1 no analizan correctamente las expresiones condicionales asociadas con requisitos de formato, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo debidamente modificada. Es un problema tambi\u00e9n conocido como \"Vulnerabilidad de an\u00e1lisis de expresiones condicionales de Excel\"."
    }
  ],
  "id": "CVE-2011-1989",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-09-15T12:26:48.947",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1989 (GCVE-0-2011-1989)

GSD-2011-1989

CERTA-2011-AVI-512

Description

Solution

CERTA-2011-AVI-512

Description

Solution

GHSA-VC7Q-73X4-CQQG

FKIE_CVE-2011-1989

Tags

Sightings

Nomenclature