Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka "Excel Heap Overflow Vulnerability."
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Microsoft Office 2008 Mac
Microsoft Office 2004 Mac
Microsoft Excel Viewer Service Pack 2
Microsoft Office Excel 2010
Microsoft Office Excel 2003 Service Pack 3
Microsoft Office Excel 2007 Service Pack 2
Microsoft Office Compatibility Pack 2007 Service Pack 2
Microsoft Office Excel 2002 Service Pack 3
Microsoft Excel x64 (64-bit) Editions
Microsoft Open XML File Format Converter for Mac
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| MS11-021 | |||
| TA11-102A | |||
| ADV-2011-0940 | |||
| 47235 | |||
| 1025337 |
KB2464583 | MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
KB2466146 | MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
KB2466156 | MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
KB2466158 | MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
KB2466169 | MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
KB2502786 | MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
KB2505924 | MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
KB2505927 | MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
KB2505935 | MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
KB2525412 | MS11-021 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution