CVE-2012-1847

2012-05-0900:55:00

CWE-264

[email protected]

web.nvd.nist.gov

136

microsoft excel

office

remote code execution

cve-2012-1847

security vulnerability

spreadsheet

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.932 High

EPSS

Percentile

99.0%

JSON

Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka “Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability.”

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2008
microsoft:excelmicrosoft exceleq2007
microsoft:excel_viewermicrosoft excel viewereq*
microsoft:excelmicrosoft exceleq2010
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:excelmicrosoft exceleq2003
microsoft:officemicrosoft officeeq2011

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2008
microsoft:excel	microsoft excel	eq	2007
microsoft:excel_viewer	microsoft excel viewer	eq	*
microsoft:excel	microsoft excel	eq	2010
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:excel	microsoft excel	eq	2003
microsoft:office	microsoft office	eq	2011