Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is installed with Microsoft Office Excel and is prone to multiple remote code execution vulnerabilities. This NVT has been replaced by OID:1.3.6.1.4.1.25623.1.0.902410.
Insight
Insight
The flaws are due to: - An error in the usage of a specific field used for incrementing an array index. The application will copy the contents of the specified element into a statically sized buffer on the stack. - An error in parsing Office Art record, when parsing an office art object record, if an error occurs, the application will add a stray reference to an element which is part of a linked list. When receiving a window message, the application will proceed to navigate this linked list. This will access a method from the malformed object which can lead to code execution under the context of the application.
Affected Software
Affected Software
Microsoft Office Excel 2010
Solution
Solution
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.