CVE-2012-0185 : Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibi

Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."

Published 2012-05-09 00:55:02

Updated 2018-10-12 22:02:26

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2012-0185

Probability of exploitation activity in the next 30 days: 94.55%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-0185

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-0185

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0185

https://exchange.xforce.ibmcloud.com/vulnerabilities/75118

Microsoft Excel MergeCells buffer overflow CVE-2012-0185 Vulnerability Report
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738

Repository / Oval Repository
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030

Microsoft Security Bulletin MS12-030 - Important | Microsoft Docs

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA12-129A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
http://www.securitytracker.com/id?1027041

Microsoft Office Excel File Memory Corruption Errors and Heap Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker

CVEs referencing this url

Products affected by CVE-2012-0185

Microsoft » Excel » Version: 2007 Update SP2
cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2007 Update SP3
cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2010
cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2010 Update SP1
cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Excel Viewer
cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Update SP3
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Update SP2
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-0185

Exploit prediction scoring system (EPSS) score for CVE-2012-0185

CVSS scores for CVE-2012-0185

CWE ids for CVE-2012-0185

References for CVE-2012-0185

Products affected by CVE-2012-0185