Vulnerability Details: CVE-2012-0185
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
Vulnerability category: Overflow, Execute code
Products affected by CVE-2012-0185
- cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0185
Probability of exploitation activity in the next 30 days: 95.75%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
CVSS scores for CVE-2012-0185
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2012-0185
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0185
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75118
  Microsoft Excel MergeCells buffer overflow CVE-2012-0185 Vulnerability Report
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738
  Repository / Oval Repository
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030
  Microsoft Security Bulletin MS12-030 - Important | Microsoft Docs
- http://www.us-cert.gov/cas/techalerts/TA12-129A.html
  Microsoft Updates for Multiple Vulnerabilities | CISA (US Government Resource)
- http://www.securitytracker.com/id?1027041
  Microsoft Office Excel File Memory Corruption Errors and Heap Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker