CVE-2012-1885 : Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 20

Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability."

Published 2012-11-14 00:55:01

Updated 2018-10-12 22:02:56

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2012-1885

Microsoft » Office » Version: 2008 MAC Edition
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2011 MAC Edition
cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2003 Update SP3
cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2007 Update SP2
cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2007 Update SP3
cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2010 Update SP1 X64 Edition
cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2010 Update SP1 X86 Edition
cpe:2.3:a:microsoft:excel:2010:sp1:x86:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Update SP3
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Update SP2
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-1885

EPSS FAQ

65.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-1885

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-1885

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-1885

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076

Microsoft Security Bulletin MS12-076 - Important | Microsoft Docs

CVEs referencing this url
http://www.securityfocus.com/bid/56425

Microsoft Excel 'SerAuxErrBar' Heap Overflow Remote Code Execution Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/78072

Microsft Excel SerAuxErrBar buffer overflow CVE-2012-1885 Vulnerability Report
http://www.securitytracker.com/id?1027752

Microsoft Excel Buffer Overflow, Memory Corruption, and Use-After-Free Errors Let Remote Users Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA12-318A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916

Repository / Oval Repository
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752

Repository / Oval Repository

Jump to

Vulnerability Details : CVE-2012-1885

Products affected by CVE-2012-1885

Exploit prediction scoring system (EPSS) score for CVE-2012-1885

CVSS scores for CVE-2012-1885

CWE ids for CVE-2012-1885

References for CVE-2012-1885