Vulnerabilities > CVE-2011-1987 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
CWE-119
critical
nessus

Summary

Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Msbulletin

bulletin_idMS11-072
bulletin_url
date2011-09-13T00:00:00
impactRemote Code Execution
knowledgebase_id2587505
knowledgebase_url
severityImportant
titleVulnerabilities in Microsoft Excel Could Allow Remote Code Execution

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_MS11-072.NASL
    descriptionThe remote Mac OS X host is running a version of Microsoft Excel that is affected by several vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Excel file, these issues could be leveraged to execute arbitrary code subject to the user
    last seen2019-10-28
    modified2011-09-14
    plugin id56178
    published2011-09-14
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56178
    titleMS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) (Mac OS X)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS11-072.NASL
    descriptionThe remote Windows host is running a version of Microsoft Office, Excel, or a related product that is affected by several vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Excel file, he could leverage this issue to execute arbitrary code subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id56175
    published2011-09-14
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56175
    titleMS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

Oval

accepted2014-06-30T04:01:05.669-04:00
classvulnerability
contributors
  • nameJosh Turpin
    organizationSymantec Corporation
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameJosh Turpin
    organizationSymantec Corporation
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Excel 2003 is installed
    ovaloval:org.mitre.oval:def:764
  • commentMicrosoft Excel 2007 is installed
    ovaloval:org.mitre.oval:def:1745
  • commentMicrosoft Office 2007 is installed
    ovaloval:org.mitre.oval:def:1211
  • commentMicrosoft Office 2007 is installed
    ovaloval:org.mitre.oval:def:1211
  • commentMicrosoft Excel 2010 is installed
    ovaloval:org.mitre.oval:def:12658
  • commentMicrosoft Office 2010 is installed
    ovaloval:org.mitre.oval:def:12061
  • commentMicrosoft Office 2010 is installed
    ovaloval:org.mitre.oval:def:12061
  • commentMicrosoft Excel Viewer 2007 is installed
    ovaloval:org.mitre.oval:def:6006
  • commentMicrosoft Office Compatibility Pack is installed
    ovaloval:org.mitre.oval:def:1853
  • commentMicrosoft Office 2007 is installed
    ovaloval:org.mitre.oval:def:1211
descriptionArray index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
familywindows
idoval:org.mitre.oval:def:12953
statusaccepted
submitted2011-09-14T13:00:00
titleExcel Out of Bounds Array Indexing Vulnerability
version28

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 49477 CVE(CAN) ID: CVE-2011-1987 Microsoft Excel是由Microsoft为Windows和Apple Macintosh操作系统的电脑而编写和运行的一款试算表软件。 Microsoft Excel在处理特制Excel文件时存在远程代码执行漏洞,远程攻击者可利用此漏洞以当前用户权限执行任意代码,可能造成拒绝服务。 此漏洞属于整数签名问题,可导致无效数组索引,可由带负iax字段的某些记录触发。传递的负16位值稍后符号扩展到32位,然后用作堆数组的索引。由于对iax字段验证不全,可能在数组之外索引,这会导致以用户数据覆盖任意内存位置,执行任意任意代码。 Microsoft Excel 2010 Microsoft Excel 2007 Microsoft Excel 2003 Microsoft Office Compatibility Pack 2007 SP2 Microsoft Office Compatibility Pack 2007 SP1 Microsoft Office Compatibility Pack 2007 0 Microsoft Office 2011 for Mac SP1 Microsoft Office 2011 for Mac 0 Microsoft Office 2008 for Mac 0 Microsoft Office 2004 for Mac 0 Microsoft Open XML File Format Converter for Mac 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS11-073)以及相应补丁: MS11-073:Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) 链接:http://www.microsoft.com/technet/security/bulletin/MS11-072.mspx
idSSV:20933
last seen2017-11-19
modified2011-09-15
published2011-09-15
reporterRoot
titleMicrosoft Excel数组索引远程代码执行漏洞(MS11-072)