Microsoft Excel Data Validation Record Parsing Overflow

Added: 06/15/2011
CVE: CVE-2011-0105
BID: 47256
OSVDB: 71765


Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.


Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory MS11-021 contain an improper initialization bug of a value that is used to allocate memory. If an attacker can get a target to open a specially formatted Excel document, they may be able to exploit this bug to execute arbitrary code on the target's system.


Apply the patch outlined in Microsoft Security Advisory MS11-021.



This exploit has been tested against Microsoft Excel 2002 SP3 with KB2345017 running on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn), where the version of excel.exe was 10.0.6866.



Back to exploit index