MS11-072 MS11-072 - Important : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) - Version: 1.1
Version2011-10-11
Severity Rating: Important
Revision Note: V1.1 (October 11, 2011): Announced a detection logic change for update KB2553094. There were no changes to the security update files. See the Update FAQ for details.
Summary: This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987. See the section, Frequently Asked Questions (FAQ) Related to This S
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
Max CVSS
9.3
EPSS Score
93.73%
Published
2011-09-15
Updated
2018-10-12
Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
Max CVSS
9.3
EPSS Score
94.50%
Published
2011-09-15
Updated
2018-10-12
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
94.50%
Published
2011-09-15
Updated
2018-10-12
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."
Max CVSS
9.3
EPSS Score
93.02%
Published
2011-09-15
Updated
2018-10-12
Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
Max CVSS
9.3
EPSS Score
94.30%
Published
2011-09-15
Updated
2018-10-12