Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability."

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Microsoft
  • Excel
  • Excel Viewer
  • Office
  • Office Compatibility Pack

Configuration 1 [-]

OR cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*

No data.

References
Link Providers
http://secunia.com/advisories/49112 cve-icon cve-icon
http://www.securityfocus.com/bid/53373 cve-icon cve-icon
http://www.securitytracker.com/id?1027041 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA12-129A.html cve-icon cve-icon
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2024-08-06T18:16:18.760Z

Reserved: 2011-12-13T00:00:00

Link: CVE-2012-0142

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2012-05-09T00:55:01.273

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-0142

cve-icon Redhat

No data.