CVE-2011-0105

EXPLOITED

MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow

Title source: metasploit
Exploitation Summary

CVE-2011-0105 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Metasploit, Aniway, Unknown, sinn3r and juan vazquez, among them the Metasploit module exploits/windows/fileformat/ms11_021_xlb_bof.

AI-analyzed exploit summary: This Metasploit module exploits a stack-based buffer overflow in Microsoft Office Excel 2007 via a malformed .xlb file, allowing arbitrary code execution by controlling a memcpy operation. It includes specific return addresses for different Excel 2007 versions on Windows XP.

Description

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/18087

This Metasploit module exploits a stack-based buffer overflow in Microsoft Office Excel 2007 via a malformed .xlb file, allowing arbitrary code execution by controlling a memcpy operation. It includes specific return addresses for different Excel 2007 versions on Windows XP.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Office Excel 2007 (including SP2) on Windows XP
No auth needed
Prerequisites: Victim must open the malformed .xlb file in a vulnerable version of Excel
devstral-2 · analyzed Feb 18, 2026
metasploit WORKING POC NORMAL
by Aniway, Unknown, sinn3r, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb

This Metasploit module exploits a stack-based buffer overflow in Microsoft Office Excel 2007 via a malformed .xlb file, allowing arbitrary code execution by controlling a memcpy operation.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Office Excel 2007 (including SP2) on Windows XP
No auth needed
Prerequisites: Victim must open the malformed .xlb file
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39122
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025337
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12618
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0940

Scores

EPSS 0.8942
EPSS Percentile 99.6%

Details

VulnCheck KEV 2023-07-19
CWE CWE-119
Status published
Products (4)
microsoft/excel 2002 sp3
microsoft/office 2004
microsoft/office 2008
microsoft/open_xml_file_format_converter
Published Apr 13, 2011
Tracked Since Feb 18, 2026