Buffer overflow in Microsoft Excel

CVE-2011-0101

Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer cal…

Vulnerability class: Buffer Overflow

EPSS: 0.716 (98.8th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel — versions 2002
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

TA11-102A (US Government Resource, x_refsource_CERT, third-party-advisory)
39122 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
71766 (x_refsource_OSVDB, vdb-entry)
20110412 ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
47243 (vdb-entry, x_refsource_BID)
oval:org.mitre.oval:def:11676 (x_refsource_OVAL, signature, vdb-entry)
1025337 (vdb-entry, x_refsource_SECTRACK)
secure@microsoft.com (x_refsource_MISC)
MS11-021 (x_refsource_MS, vendor-advisory)
ADV-2011-0940 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)