Check Point Advisories

Preemptive Protection against Microsoft Office Excel Use-after-free Code Execution (MS11-072; CVE-2011-1986)

Check Point Reference: CPAI-2011-408
Date Published: 13 Sep 2011
Severity: High
Last Updated: Saturday 01 January, 2011
Source: Microsoft Security Bulletin MS11-072
Industry Reference:CVE-2011-1986
Protection Provided by:
Who is Vulnerable? Microsoft Excel 2003
Vulnerability Description A remote code execution vulnerability has been reported in Microsoft Office Excel. A remote attacker could exploit this vulnerability to execute arbitrary code in an affected system.
Update/Patch AvaliableApply patches from:
MS11-072
Vulnerability DetailsThe vulnerability is due to lack of validation of certain record structures while handling specially crafted Excel files. A remote attacker could trigger this vulnerability by enticing an unsuspecting user to open a webpage containing a malicious Excel file. Successful exploitation would allow an attacker to gain complete control over an affected system, in the security context of the local user.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK