FKIE_CVE-2011-0980

Vulnerability from fkie_nvd - Published: 2011-02-10 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
References
cve@mitre.orghttp://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft
cve@mitre.orghttp://secunia.com/advisories/39122
cve@mitre.orghttp://secunia.com/advisories/43210
cve@mitre.orghttp://www.securitytracker.com/id?1025337
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA11-102A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0940
cve@mitre.orghttp://zerodayinitiative.com/advisories/ZDI-11-040/
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12018
af854a3a-2127-422b-91ae-364da2661108http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39122
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43210
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025337
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA11-102A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0940
af854a3a-2127-422b-91ae-364da2661108http://zerodayinitiative.com/advisories/ZDI-11-040/
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12018
Impacted products
Vendor Product Version
microsoft excel 2002
microsoft excel 2003
microsoft excel 2003
microsoft office 2004
microsoft office 2008
microsoft open_xml_file_format_converter *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka \"Excel Dangling Pointer Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Excel 2003 no parsea correctamente objetos Office Art, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con un puntero a funci\u00f3n."
    }
  ],
  "id": "CVE-2011-0980",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-10T19:00:01.987",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39122"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43210"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025337"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0940"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://zerodayinitiative.com/advisories/ZDI-11-040/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://zerodayinitiative.com/advisories/ZDI-11-040/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12018"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.