Description

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."

Remediation

References

CVE-2011-1989

Related Vulnerabilities

PrestaShop Improper Privilege Management Vulnerability (CVE-2013-6295)

WordPress Plugin Super Forms-Drag & Drop Form Builder Arbitrary File Upload (4.9.700)

Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26273)

OpenSSL Improper Input Validation Vulnerability (CVE-2014-3513)

SugarCRM Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3244)

Severity

Critical

Classification

CVE-2011-1989 CWE-20

Tags

Missing Update Known Vulnerabilities