FKIE_CVE-2012-0142

Vulnerability from fkie_nvd - Published: 2012-05-09 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability."
References
secure@microsoft.comhttp://secunia.com/advisories/49112
secure@microsoft.comhttp://www.securityfocus.com/bid/53373
secure@microsoft.comhttp://www.securitytracker.com/id?1027041
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA12-129A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49112
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53373
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027041
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA12-129A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543
Impacted products
Vendor Product Version
microsoft excel 2003
microsoft excel 2007
microsoft excel 2007
microsoft excel 2010
microsoft excel 2010
microsoft excel_viewer *
microsoft office 2008
microsoft office_compatibility_pack *
microsoft office_compatibility_pack *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "96EBA20F-201E-43AA-9F83-B73FB31696C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no maneja correctamente la memoria durante la apertura de ficheros, permitiendo que atacantes remotos ejecuten codigo arbitrario mediante una hoja de calculo manipulada, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria en el registro OBJECTLINKE en un fichero de Excel\""
    }
  ],
  "id": "CVE-2012-0142",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-05-09T00:55:01.273",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/49112"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/53373"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1027041"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.