CVE-2011-1987:Excel Out of Bounds Array Indexing Vulnerability in Microsoft Excel and related products.

splash
Back

Description Preview

The Excel Out of Bounds Array Indexing Vulnerability is a security flaw that exists in Microsoft Excel 2003 SP3, 2007 SP2, Excel in Office 2007 SP2, Excel 2010 Gold and SP1, Excel in Office 2010 Gold and SP1, Office 2004, 2008, and 2011 for Mac, Open XML File Format Converter for Mac, Excel Viewer SP2, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2. This vulnerability allows remote attackers to execute arbitrary code by exploiting an array index error in the affected software when processing a crafted spreadsheet.

Overview

This vulnerability affects multiple versions of Microsoft Excel and related products across different platforms, allowing remote attackers to execute arbitrary code through a specially crafted spreadsheet. The vulnerability was first made public on September 13, 2011, under the CVE-2011-1987 identifier.

Remediation

To mitigate the risk associated with this vulnerability, it is recommended to apply the necessary security updates provided by Microsoft. Users should ensure that their Microsoft Excel software is updated to the latest version available to address this array index error. Additionally, users are advised to exercise caution when opening Excel files from untrusted sources to prevent potential exploitation of this vulnerability.

References

  1. CVE-2011-1987: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1987
  2. Microsoft Security Bulletin MS11-072: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072
  3. US-CERT Technical Alert TA11-256A: http://www.us-cert.gov/cas/techalerts/TA11-256A.html

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
    Manufacturing
  2. Health Care & Social Assistance
    Health Care & Social Assistance
  3. Public Administration
    Public Administration
  4. Educational Services
    Educational Services
  5. Finance and Insurance
    Finance and Insurance
  6. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  7. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  8. Management of Companies & Enterprises
    Management of Companies & Enterprises
  9. Transportation & Warehousing
    Transportation & Warehousing
  10. Other Services (except Public Administration)
    Other Services (except Public Administration)
  11. Retail Trade
    Retail Trade
  12. Utilities
    Utilities
  13. Accommodation & Food Services
    Accommodation & Food Services
  14. Information
    Information
  15. Wholesale Trade
    Wholesale Trade
  16. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  17. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  18. Construction
    Construction
  19. Mining
    Mining
  20. Real Estate Rental & Leasing
    Real Estate Rental & Leasing

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background
Armis Vulnerability Intelligence Database