CVE-2011-0979

Published: Feb 10, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability."

Affected (11)

Products: Microsoft: Excel, Excel Viewer, Office, Office Compatibility Pack, Open Xml File Format Converter

5 products

Office Compatibility Pack

Open Xml File Format Converter

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	All versions
Microsoft Excel	Version 2002 sp3
Microsoft Excel	Version 2003 sp3
Microsoft Excel	Version 2007 sp2
Microsoft Excel	Version 2010
Microsoft Excel Viewer	All versions
Microsoft Office	Version 2004
Microsoft Office	Version 2008
Microsoft Office	Version 2011
Microsoft Office Compatibility Pack	Version 2007 sp2
Microsoft Open Xml File Format Converter	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (20)

http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft

Source: cve@mitre.org

http://osvdb.org/70904

Source: cve@mitre.org

http://secunia.com/advisories/39122

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/43231

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id?1025337

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2011/0940

Source: cve@mitre.org

Vendor Advisory

http://zerodayinitiative.com/advisories/ZDI-11-041/

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12595

Source: cve@mitre.org

http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/70904

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/39122

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43231

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id?1025337

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2011/0940

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://zerodayinitiative.com/advisories/ZDI-11-041/

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12595

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.