CVE-2011-1987

2011-09-1512:26:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-1987

microsoft excel

array index error

remote code execution

vulnerability

nvd

security fix

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.951 High

EPSS

Percentile

99.3%

JSON

Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka “Excel Out of Bounds Array Indexing Vulnerability.”

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2010
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2004
microsoft:excelmicrosoft exceleq2007
microsoft:excelmicrosoft exceleq2010
microsoft:excel_viewermicrosoft excel viewereq*
microsoft:office_compatibility_packmicrosoft office compatibility packeq2007
microsoft:officemicrosoft officeeq2007
microsoft:excelmicrosoft exceleq2003

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2010
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2004
microsoft:excel	microsoft excel	eq	2007
microsoft:excel	microsoft excel	eq	2010
microsoft:excel_viewer	microsoft excel viewer	eq	*
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	2007
microsoft:office	microsoft office	eq	2007
microsoft:excel	microsoft excel	eq	2003