ID CVE-2012-1887
Summary Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2010:sp1:x86:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 22:02)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector   Complexity  Authentication
NETWORK  MEDIUM      NONE
Impact
Confidentiality  Integrity  Availability
COMPLETE         COMPLETE   COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS12-076
bulletin_url
date 2012-11-13T00:00:00
impact Remote Code Execution
knowledgebase_id 2720184
knowledgebase_url
severity Important
title Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
oval via4
  • accepted 2012-12-31T04:01:26.248-05:00
    class vulnerability
    contributors
    name SecPod Team
    organization SecPod Technologies
    definition_extensions
    • comment Microsoft Excel 2007 SP2 is installed
      oval oval:org.mitre.oval:def:15538
    • comment Microsoft Excel 2007 SP3 is installed
      oval oval:org.mitre.oval:def:15126
    • comment Microsoft Excel 2010 SP1 is installed
      oval oval:org.mitre.oval:def:15308
    • comment Microsoft Excel 2003 SP3 is installed
      oval oval:org.mitre.oval:def:15771
    description Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
    family windows
    id oval:org.mitre.oval:def:15717
    status accepted
    submitted 2012-11-16T09:20:22
    title Excel SST Invalid Length Use After Free Vulnerability - MS12-076
    version 11
  • accepted 2012-12-31T04:01:45.848-05:00
    class vulnerability
    contributors
    name SecPod Team
    organization SecPod Technologies
    definition_extensions
    • comment Microsoft Office 2008 for Mac is installed
      oval oval:org.mitre.oval:def:15839
    • comment Microsoft Office 2011 for Mac is installed
      oval oval:org.mitre.oval:def:14753
    description Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
    family macos
    id oval:org.mitre.oval:def:15970
    status accepted
    submitted 2012-11-16T09:20:22
    title Excel SST Invalid Length Use After Free Vulnerability - MS12-076
    version 4
refmap via4
bid 56430
cert TA12-318A
sectrack 1027752
xf microsoft-excel-ssl-code-exec(78074)
Last major update 12-10-2018 - 22:02
Published 14-11-2012 - 00:55
Last modified 12-10-2018 - 22:02