CVE-2011-0098 - Vulnerability Details - OpenCVE

Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka "Excel Heap Overflow Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Excel Excel Viewer Office Office Compatibility Pack Open Xml File Format Converter

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:excel:-:-:x64:::::*
	cpe:2.3:a:microsoft:excel:2002:sp3::::::
	cpe:2.3:a:microsoft:excel:2003:sp3::::::
	cpe:2.3:a:microsoft:excel:2007:sp2::::::
	cpe:2.3:a:microsoft:excel:2010:::::::*
	cpe:2.3:a:microsoft:excel_viewer:-:sp2::::::
	cpe:2.3:a:microsoft:office:2004::mac:::::
	cpe:2.3:a:microsoft:office:2008::mac:::::
	cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2::::::
	cpe:2.3:a:microsoft:open_xml_file_format_converter:::mac:::::*

No data.

References

Link	Providers
http://osvdb.org/71759
http://secunia.com/advisories/39122
http://secunia.com/secunia_research/2011-32/
http://www.securityfocus.com/bid/47235
http://www.securitytracker.com/id?1025337
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://www.vupen.com/english/advisories/2011/0940
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2011-04-13T18:00:00

Updated: 2024-08-06T21:43:14.594Z

Reserved: 2010-12-21T00:00:00

Link: CVE-2011-0098

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-04-13T18:55:01.127

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-0098

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-12T00:00:00", "descriptions": [{"lang": "en", "value": "Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka \"Excel Heap Overflow Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "TA11-102A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"}, {"name": "39122", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39122"}, {"name": "71759", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/71759"}, {"name": "oval:org.mitre.oval:def:12034", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"}, {"name": "1025337", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025337"}, {"name": "47235", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47235"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2011-32/"}, {"name": "MS11-021", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"}, {"name": "ADV-2011-0940", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0940"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2011-0098", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka \"Excel Heap Overflow Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA11-102A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"}, {"name": "39122", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39122"}, {"name": "71759", "refsource": "OSVDB", "url": "http://osvdb.org/71759"}, {"name": "oval:org.mitre.oval:def:12034", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"}, {"name": "1025337", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025337"}, {"name": "47235", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47235"}, {"name": "http://secunia.com/secunia_research/2011-32/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2011-32/"}, {"name": "MS11-021", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"}, {"name": "ADV-2011-0940", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0940"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:43:14.594Z"}, "title": "CVE Program Container", "references": [{"name": "TA11-102A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"}, {"name": "39122", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39122"}, {"name": "71759", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/71759"}, {"name": "oval:org.mitre.oval:def:12034", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"}, {"name": "1025337", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025337"}, {"name": "47235", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47235"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2011-32/"}, {"name": "MS11-021", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"}, {"name": "ADV-2011-0940", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0940"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2011-0098", "datePublished": "2011-04-13T18:00:00", "dateReserved": "2010-12-21T00:00:00", "dateUpdated": "2024-08-06T21:43:14.594Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:excel:-:-:x64:*:*:*:*:*", "matchCriteriaId": "A7870548-E23F-469A-B205-BB30E49718B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*", "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*", "matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "9AEBCD21-942F-44A9-B77E-8FC944F969F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*", "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*", "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*", "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka \"Excel Heap Overflow Vulnerability.\""}, {"lang": "es", "value": "Un error en la propiedad signedness de un entero en Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats SP2, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo XLS con un gran tama\u00f1o de registro, tambi\u00e9n se conoce como \"Excel Heap Overflow Vulnerability.\""}], "id": "CVE-2011-0098", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-04-13T18:55:01.127", "references": [{"source": "secure@microsoft.com", "url": "http://osvdb.org/71759"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39122"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2011-32/"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/47235"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1025337"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0940"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/71759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39122"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2011-32/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}