CVE-2011-1990

{"id": "CVE-2011-1990", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-09-15T12:26:48.977", "references": [{"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Out of Bounds Array Indexing Vulnerability.\""}, {"lang": "es", "value": "Microsoft Excel 2007 Service Pack 2; Excel en Office 2007 SP2, Excel Viewer SP2, Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, y Servicios de Excel en Office SharePoint Server 2007 SP2 no validan correctamente el signo de un \u00edndice no especificado de una matriz, lo que permite ejecutar c\u00f3digo de su elecci\u00f3n a atacantes remotos a trav\u00e9s de una hoja de c\u00e1lculo debidamente modificada. Es un problema tambi\u00e9n conocido como \"Vulnerabilidad de indexaci\u00f3n de matrices fuera de l\u00edmites\"."}], "lastModified": "2024-11-21T01:27:26.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F"}, {"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B"}, {"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA"}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257"}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "586E6C37-346C-40BA-AC89-2CEB8C44E190"}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48EB5C93-55BF-4608-A9DC-EDD8DE15EE44"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}