Published: 13/04/2011 Updated: 12/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote malicious users to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft excel 2002
microsoft office 2004
microsoft office 2008
microsoft open xml file format converter

## # $Id: ms11_021_xlb_bofrb 14172 2011-11-06 20:16:34Z sinn3r $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' cla ...

This Metasploit module exploits a vulnerability found in Excel of Microsoft Office 2007 By supplying a malformed xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack-based buffer overflow This results in arbitrary code execution under the context of the user ...

CWE-119 http://www.securitytracker.com/id?1025337 http://www.vupen.com/english/advisories/2011/0940 http://secunia.com/advisories/39122 http://www.us-cert.gov/cas/techalerts/TA11-102A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12618 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://nvd.nist.gov https://www.exploit-db.com/exploits/18087/

CVE-2011-0105

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect