Microsoft Excel SLK File Parsing Buffer Overflow

Added: 08/15/2011
CVE: CVE-2011-1276
BID: 48161
OSVDB: 72924


Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.


Microsoft Office Excel is vulnerable to remote code execution because it performs improper boundary checking while parsing SLK data exchange files, which results in a buffer overflow. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged-on user.


Apply the patch referenced in Microsoft Security Bulletin 11-045.



Exploit works on Microsoft Excel 2002 SP3 on Windows XP SP3 English (DEP OptIn) with KB2483185.

The target user must open the exploit file in Microsoft Excel 2002 SP3.


