|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-11-12 | |
| Rule Name: | Microsoft Excel Mergecells Record Parsing Memory Corruption Vulnerability -1 (CVE-2012-0185) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability." | |
| Impact: | An attacker can execute arbitrary code in the context of the vulnerable system. Failed exploit may cause denial-of-service attack. | |
| Affected OS: | Windows | |
| Reference: | SecurityTrackerID:1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/75118 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738 |
|
| Solutions |
|---|
| Microsoft has released a patch MS12-030 to eliminate the vulnerability. The patch can be downloaded at: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 |