Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:E340427B2DB16A1A0B508A5B99066414
HistoryAug 15, 2011 - 12:00 a.m.

Microsoft Excel SLK File Parsing Buffer Overflow

2011-08-1500:00:00
SAINT Corporation
my.saintcorporation.com
31

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

JSON

Added: 08/15/2011
CVE: CVE-2011-1276
BID: 48161
OSVDB: 72924

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

Microsoft Office Excel is vulnerable to remote code execution due to improper boundary checking while parsing SLK data exchange files that results in buffer overflow. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 11-045.

References

<http://secunia.com/advisories/44901/&gt;

Limitations

Exploit works on Microsoft Excel 2002 SP3 on Windows XP SP3 English (DEP OptIn) with KB2483185.

The target user must open the exploit file in Microsoft Excel 2002 SP3.

Platforms

Windows

Related

checkpoint_advisories 1
exploitpack 1
saint 3
prion 1
symantec 1
packetstorm 1
seebug 2
cve 1
exploitdb 1
mskb 1
nessus 2
securityvulns 1
openvas 2
kitploit 1
checkpoint_advisories
checkpoint_advisories
Microsoft Excel SLK File Parsing Code Execution (MS11-045; CVE-2011-1276)
2011-06-09 00:00:00
exploitpack
exploitpack
Excel - SLYK Format Parsing Buffer Overrun (PoC)
2011-08-09 00:00:00
saint
saint
Microsoft Excel SLK File Parsing Buffer Overflow
2011-08-15 00:00:00
Microsoft Excel SLK File Parsing Buffer Overflow
2011-08-15 00:00:00
Microsoft Excel SLK File Parsing Buffer Overflow
2011-08-15 00:00:00
prion
prion
Buffer overflow
2011-06-16 20:55:00
symantec
symantec
Microsoft Excel Buffer Overflow CVE-2011-1276 Remote Code Execution Vulnerability
2011-06-14 00:00:00
packetstorm
packetstorm
Excel SLYK Format Parsing Buffer Overflow
2011-08-09 00:00:00
seebug
seebug
Excel SLYK Format Parsing Buffer Overrun Vulnerability PoC
2014-07-01 00:00:00
Microsoft Excelๅญ˜ๅœจๅคšไธชๅฎ‰ๅ…จๆผๆดž
2011-06-16 00:00:00
cve
cve
CVE-2011-1276
2011-06-16 20:55:00
exploitdb
exploitdb
Excel - SLYK Format Parsing Buffer Overrun (PoC)
2011-08-09 00:00:00
mskb
mskb
MS11-045: Vulnerabilities in Microsoft Excel could allow remote code execution: June 14, 2011
2011-06-14 00:00:00
nessus
nessus
MS11-045: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
2011-06-15 00:00:00
MS11-036 / MS11-045: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2545814 / 2537146) (Mac OS X)
2011-06-15 00:00:00
securityvulns
securityvulns
Microsoft Excel multiple security vulnerabilities
2011-06-15 00:00:00
openvas
openvas
Microsoft Office Excel Remote Code Execution Vulnerabilities (2537146)
2011-06-15 00:00:00
Microsoft Office Excel Remote Code Execution Vulnerabilities (2537146)
2011-06-15 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

JSON
Related for SAINT:E340427B2DB16A1A0B508A5B99066414
checkpoint_advisories1exploitpack1saint3prion1symantec1packetstorm1seebug2cve1exploitdb1mskb1nessus2securityvulns1openvas2kitploit1