CVE-2011-0978

Published: Feb 10, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."

Affected (6)

Products: Microsoft: Excel, Excel Viewer, Office, Office Compatibility Pack

4 products

Office Compatibility Pack

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	Version 2002 sp3
Microsoft Excel	Version 2003 sp3
Microsoft Excel	Version 2007 sp2
Microsoft Excel Viewer	All versions
Microsoft Office	Version 2004
Microsoft Office Compatibility Pack	Version 2007 sp2

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (20)

http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft

Source: cve@mitre.org

http://secunia.com/advisories/39122

Source: cve@mitre.org

http://secunia.com/advisories/43232

Source: cve@mitre.org

http://securityreason.com/securityalert/8231

Source: cve@mitre.org

http://www.securitytracker.com/id?1025337

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2011/0940

Source: cve@mitre.org

http://zerodayinitiative.com/advisories/ZDI-11-042/

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439

Source: cve@mitre.org

http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/39122

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43232

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/8231

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1025337

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2011/0940

Source: af854a3a-2127-422b-91ae-364da2661108

http://zerodayinitiative.com/advisories/ZDI-11-042/

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.