CVE-2012-0141 : Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 f

Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability."

Published 2012-05-09 00:55:01

Updated 2018-10-12 22:02:05

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute code

Products affected by CVE-2012-0141

Microsoft » Office » Version: 2011 MAC Edition
cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2003 Update SP3
cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2007 Update SP2
cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2007 Update SP3
cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2010
cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2010 Update SP1
cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Excel Viewer
cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Update SP3
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Update SP2
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-0141

EPSS FAQ

93.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-0141

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-0141

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0141

http://www.securityfocus.com/bid/53342

Microsoft Excel Memory Corruption CVE-2012-0141 Remote Code Execution Vulnerability
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030

Microsoft Security Bulletin MS12-030 - Important | Microsoft Docs

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15152

Repository / Oval Repository
http://www.us-cert.gov/cas/techalerts/TA12-129A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
http://www.securitytracker.com/id?1027041

Microsoft Office Excel File Memory Corruption Errors and Heap Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-0141

Products affected by CVE-2012-0141

Exploit prediction scoring system (EPSS) score for CVE-2012-0141

CVSS scores for CVE-2012-0141

CWE ids for CVE-2012-0141

References for CVE-2012-0141