CVE-2011-0104

Microsoft Excel <2004 - Memory Corruption

Title source: llm

Description

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."

Exploits (2)

exploitdb WRITEUP VERIFIED

by Rodrigo Rubira Branco · textremotewindows

https://www.exploit-db.com/exploits/35573

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Sunqiz · poc

https://github.com/Sunqiz/CVE-2011-0104-reproduction

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] http://osvdb.org/71761

[Vendor Advisory] http://secunia.com/advisories/39122

[Various Sources] http://www.checkpoint.com/defense/advisories/public/2011/cpai-31-Mard.html

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA11-102A.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/0940

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/47245

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11767

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1025337

Scores

EPSS 0.7689

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (5)

microsoft/excel 2002 sp3

microsoft/excel 2003 sp3

microsoft/office 2004

microsoft/office 2008

microsoft/open_xml_file_format_converter

Published Apr 13, 2011

Tracked Since Feb 18, 2026