CVE-2012-0184
Description
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in Microsoft Excel allows remote code execution when a user opens a crafted spreadsheet.
Vulnerability
Microsoft Excel versions 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1, as well as Office 2008 and 2011 for Mac, Excel Viewer, and Office Compatibility Pack SP2 and SP3 mishandle memory during file opening. A specially crafted spreadsheet exploiting the SXLI record can corrupt memory, as described in MS12-030 [1] and referenced in CISA advisory TA12-129A [3]. This is a publicly disclosed vulnerability that is addressed by the security update.
Exploitation
An attacker can exploit this vulnerability by sending a crafted Excel spreadsheet to a user and convincing them to open it. No authentication is required, and the attacker can leverage common vectors like email or web downloads [1][2]. The user interaction of opening the file is the only prerequisite.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the logged-on user. With user rights, the attacker can install programs, view, change, or delete data, or create new accounts. Users with lower privileges are less affected [1].
Mitigation
Microsoft released a security update in MS12-030 on May 8, 2012, which corrects the data validation when opening files [1]. The update is available via Microsoft Update or automatic updating. No workarounds are described beyond applying the patch [3].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
- Range: 2003 SP3, 2007 SP2/SP3, 2010 Gold/SP1, Office 2008/2011 for Mac, Excel Viewer, Office Compatibility Pack SP2/SP3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.us-cert.gov/cas/techalerts/TA12-129A.htmlnvdUS Government Resource
- secunia.com/advisories/49112nvd
- www.securityfocus.com/bid/53375nvd
- www.securitytracker.com/idnvd
- www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtmlnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/75117nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789nvd
News mentions
0No linked articles in our index yet.