Strike ID:
E12-03003
CVSS:
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive:
f
Variants:
1
Year:
2012

Description

This strike identifies a vulnerability in Microsoft Excel. It exists within the OBJECTLINK record. If an OBJECTLINK record has a wLinkObj value of 4 and is linked to a single data point the wLinkVar2 is used as an index into the Series specified by wLinkVar1. wLinkVar2 is not properly validated. If the value exceeds 31999 0x7CFF, the application will read a memory location outside of the wLinkObj series in which its supposed to be reading.

CVE

MSB

BID

OSVDB

81727