1. Home
  2. CVE Database
  3. CVE-2012-0185
HIGH · 9.3

CVE-2012-0185

Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a cr...

Vulnerability Description

Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftExcel2007
MicrosoftExcel ViewerAll versions
MicrosoftOffice Compatibility PackAll versions

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2012-0185?

CVE-2012-0185 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a cr...

How severe is CVE-2012-0185?

CVE-2012-0185 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-0185?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Excel, Microsoft Excel Viewer, Microsoft Office Compatibility Pack.