VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Sep 15, 2011· Updated Apr 29, 2026

CVE-2011-1989

CVE-2011-1989

Description

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."

Affected products

23
  • Microsoft/Office8 versions
    cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*+ 7 more
    • cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*
  • Microsoft/Office Compatibility Pack
    cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*
  • Microsoft/Open Xml File Format Converter
    cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
  • Microsoft/Sharepoint Server4 versions
    cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*
    • cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*
    • cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*
  • Microsoft/Excel6 versions
    cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:excel:2010:*:x32:*:*:*:*:*
    • cpe:2.3:a:microsoft:excel:2010:*:x64:*:*:*:*:*
    • cpe:2.3:a:microsoft:excel:2010:sp1:x32:*:*:*:*:*
    • cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*
  • Microsoft/Excel Viewer
    cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*
  • Microsoft/Excel Web App2 versions
    cpe:2.3:a:microsoft:excel_web_app:2010:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:excel_web_app:2010:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:excel_web_app:2010:sp1:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.