CVE-2011-3261
Description
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A double-free bug in iOS OfficeImport lets attackers execute code or crash Safari/Mail via a crafted Excel file.
Vulnerability
Apple iOS before version 5 contains a double-free vulnerability in the OfficeImport component, which is responsible for parsing Excel spreadsheets. The flaw can be triggered when a remote attacker delivers a specially crafted .xls file that causes the parser to free the same memory region twice. iOS 4.x and earlier are affected; the issue is fixed in iOS 5.
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a malicious Excel file, typically through email (Mail app) or a web page (Safari). No authentication or special network position is required beyond the ability to deliver the crafted file. The double-free condition occurs during the parsing of the spreadsheet, leading to memory corruption.
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected application (Mail, Safari, or any process that renders Excel attachments), or to crash the application (denial of service). This can lead to full device compromise depending on the process context.
Mitigation
Apple released iOS 5 on October 12, 2011, which fixes the vulnerability [1]. Users should update their devices to iOS 5 or later via iTunes. No workarounds are available for older iOS versions. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
30cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*+ 28 more
- cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1.2:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1.3:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.1:-:ipad:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2:-:ipodtouch:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*
- Range: <5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- lists.apple.com/archives/Security-announce/2011//Oct/msg00001.htmlnvdVendor Advisory
- support.apple.com/kb/HT4999nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/70557nvd
News mentions
0No linked articles in our index yet.