Check Point Advisories

Preemptive Protection against Microsoft Office Excel Use-after-free Code Execution (MS11-072; CVE-2011-1986)

Check Point Reference: CPAI-2011-408
Date Published: 13 Sep 2011
Severity: High
Last Updated: 1 Jan 2011
Source: Microsoft Security Bulletin MS11-072
Industry Reference:CVE-2011-1986
Protection Provided by:
Who is Vulnerable? Microsoft Excel 2003
Vulnerability Description A remote code execution vulnerability has been reported in Microsoft Office Excel. A remote attacker could exploit this vulnerability to execute arbitrary code in an affected system.
Update/Patch AvaliableApply patches from:
MS11-072
Vulnerability DetailsThe vulnerability is due to lack of validation of certain record structures while handling specially crafted Excel files. A remote attacker could trigger this vulnerability by enticing an unsuspecting user to open a webpage containing a malicious Excel file. Successful exploitation would allow an attacker to gain complete control over an affected system, in the security context of the local user.

Protection Overview

×
  Feedback
This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO