Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:013CEB50A5B7225D03F444037190A7BC
HistoryNov 08, 2011 - 12:00 a.m.

Microsoft Excel Substream Parsing Integer Overflow

2011-11-0800:00:00
SAINT Corporation
www.saintcorporation.com
20

EPSS

0.966

Percentile

99.6%

JSON

Added: 11/08/2011
CVE: CVE-2011-0097
OSVDB: 71758

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

Microsoft Excel 2007 versions lacking the patch (KB2464583) detailed in Microsoft Security Advisory MS11-021 contain an integer overflow vulnerability when parsing data included in a **400h** substream. An attacker who entices a user to open a specially formatted Excel document may be able to execute arbitrary code on the user’s system.

Resolution

Apply the patch outlined in Microsoft Security Advisory MS11-021.

References

<http://technet.microsoft.com/en-us/security/bulletin/MS11-021&gt;
<http://secunia.com/advisories/39122/&gt;

Limitations

Exploit works on Microsoft Excel 2007 SP2.

This exploit requires the Compress-Zlib PERL module, which is available from cpan.org.

Platforms

Windows XP
Windows 7

Related

saint 3
checkpoint_advisories 3
seebug 1
cve 1
prion 1
cvelist 1
nvd 1
nessus 2
openvas 2
securityvulns 1
saint
saint
Microsoft Excel Substream Parsing Integer Overflow
2011-11-08 00:00:00
Microsoft Excel Substream Parsing Integer Overflow
2011-11-08 00:00:00
Microsoft Excel Substream Parsing Integer Overflow
2011-11-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Substream Parsing Integer Overflow (MS11-021; CVE-2011-0097)
2012-04-30 00:00:00
Microsoft Excel Buffer Overrun in ToolbarDef Buffer Overflow - Ver2 (CVE-2011-0097)
2014-04-16 00:00:00
Workaround for Multiple Microsoft Office Excel BIFF4, BIFF5, and BIFF6 Records Vulnerabilities (MS11-021)
2011-04-12 00:00:00
seebug
seebug
Microsoft ExcelηΌ“ε†²εŒΊεˆ†ι…ζ•΄ζ•°ζΊ’ε‡ΊθΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(MS11-021)
2011-04-15 00:00:00
cve
cve
CVE-2011-0097
2011-04-13 18:55:01
prion
prion
Integer overflow
2011-04-13 18:55:00
cvelist
cvelist
CVE-2011-0097
2011-04-13 18:00:00
nvd
nvd
CVE-2011-0097
2011-04-13 18:55:01
nessus
nessus
MS11-021: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
2011-04-13 00:00:00
MS11-021 / MS11-022 / MS11-023: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489279 / 2489283 / 2489293) (Mac OS X)
2011-04-13 00:00:00
openvas
openvas
Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279)
2011-04-13 00:00:00
Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279)
2011-04-13 00:00:00
securityvulns
securityvulns
Microsoft Office multiple security vulnerabilities
2011-04-17 00:00:00

EPSS

0.966

Percentile

99.6%

JSON
Related for SAINT:013CEB50A5B7225D03F444037190A7BC
saint3checkpoint_advisories3seebug1cve1prion1cvelist1nvd1nessus2openvas2securityvulns1