CVE-2012-1885

2012-11-1400:55:01

CWE-119

[email protected]

web.nvd.nist.gov

111

cve-2012-1885

excel

serauxerrbar

heap overflow

vulnerability

microsoft

office

remote code execution

7.9 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.953 High

EPSS

Percentile

99.4%

JSON

Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka “Excel SerAuxErrBar Heap Overflow Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2003sp3

microsoftexcelMatch2007sp2

microsoftexcelMatch2007sp3

microsoftexcelMatch2010sp1x64

microsoftexcelMatch2010sp1x86

microsoftofficeMatch2008mac

microsoftofficeMatch2011mac

microsoftoffice_compatibility_packsp2

microsoftoffice_compatibility_packsp3

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2003
microsoft:excelmicrosoft exceleq2007
microsoft:excelmicrosoft exceleq2010
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2011
microsoft:office_compatibility_packmicrosoft office compatibility packeq*

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2003
microsoft:excel	microsoft excel	eq	2007
microsoft:excel	microsoft excel	eq	2010
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2011
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*