Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 9 |
CVE-ID | CVE-2011-0980 CVE-2011-0979 CVE-2011-0978 CVE-2011-0105 CVE-2011-0104 CVE-2011-0103 CVE-2011-0101 CVE-2011-0098 CVE-2011-0097 |
CWE-ID | CWE-399 CWE-119 CWE-121 CWE-122 CWE-191 |
Exploitation vector | Network |
Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. Vulnerability #4 is being exploited in the wild. Vulnerability #5 is being exploited in the wild. Vulnerability #7 is being exploited in the wild. Vulnerability #9 is being exploited in the wild. |
Vulnerable software Subscribe |
Microsoft Excel Client/Desktop applications / Office applications Microsoft Office for Mac Client/Desktop applications / Office applications Microsoft Office Client/Desktop applications / Office applications |
Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU2948
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2011-0980
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper management of data structures when parsing Office Arts objects. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=db2c5cfe-588c-4646-b86a-3fb8248f7af4
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=916a076d-d754-4092-b23d-c8826db7e397
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=f756d836-6ab2-4adb-9dee-6cb523d7c1f5
Microsoft Office 2008 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=84dfe3f4-a2a1-47b9-8da1-29ae67230918
http://go.microsoft.com/fwlink/?LinkId=203241
Open XML File Format Converter for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=0c323a12-6385-4666-ad39-a9516a8eda14
http://go.microsoft.com/fwlink/?LinkId=203241
Microsoft Excel: 2002 - 2003
Microsoft Office for Mac: 2004 - 2008
External linkshttp://technet.microsoft.com/en-us/library/security/ms11-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU2947
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2011-0979
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper management of members of a data structures while parsing Office Art records in Excel spreadsheets. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=db2c5cfe-588c-4646-b86a-3fb8248f7af4
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=916a076d-d754-4092-b23d-c8826db7e397
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5ae34fe0-03bd-48a9-a7ac-de8f7b1aff90
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2010 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=a427f0e2-b74d-4ef3-bec4-0a101d09bfa3
Microsoft Excel (64-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=13dca35d-2209-4c5c-9150-d6db2bb3b496
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=f756d836-6ab2-4adb-9dee-6cb523d7c1f5
Microsoft Office 2008 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=84dfe3f4-a2a1-47b9-8da1-29ae67230918
http://go.microsoft.com/fwlink/?LinkId=203241
Microsoft Office for Mac 2011:
https://www.microsoft.com/downloads/details.aspx?FamilyID=ef1e612f-d8e3-4628-9fe4-ad136f0debd3
Open XML File Format Converter for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=0c323a12-6385-4666-ad39-a9516a8eda14
http://go.microsoft.com/fwlink/?LinkId=203241
Microsoft Excel Viewer Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2d75786a-2368-4ef2-970b-fa2e57d63ca9
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office: 2007
Microsoft Excel: 2002 - 2010
Microsoft Office for Mac: 2004 - 2011
External linkshttp://technet.microsoft.com/en-us/library/security/ms11-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU2946
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2011-0978
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to array indexing error when validating record information. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger stack-based buffer overlow and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=db2c5cfe-588c-4646-b86a-3fb8248f7af4
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=916a076d-d754-4092-b23d-c8826db7e397
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5ae34fe0-03bd-48a9-a7ac-de8f7b1aff90
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=f756d836-6ab2-4adb-9dee-6cb523d7c1f5
Microsoft Excel Viewer Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2d75786a-2368-4ef2-970b-fa2e57d63ca9
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=946cc611-4d75-4728-b9d3-1c8b557b02c2
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office: 2007
Microsoft Excel: 2002 - 2007
Microsoft Office for Mac: 2004
External linkshttp://technet.microsoft.com/en-us/library/security/ms11-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU2945
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2011-0105
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when data initialization. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=db2c5cfe-588c-4646-b86a-3fb8248f7af4
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=f756d836-6ab2-4adb-9dee-6cb523d7c1f5
Microsoft Office 2008 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=84dfe3f4-a2a1-47b9-8da1-29ae67230918
http://go.microsoft.com/fwlink/?LinkId=203241
Open XML File Format Converter for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=0c323a12-6385-4666-ad39-a9516a8eda14
http://go.microsoft.com/fwlink/?LinkId=203241
Microsoft Excel: 2002
Microsoft Office for Mac: 2004 - 2008
External linkshttp://technet.microsoft.com/en-us/library/security/ms11-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU2944
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2011-0104
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow during validation of record information. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=db2c5cfe-588c-4646-b86a-3fb8248f7af4
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=916a076d-d754-4092-b23d-c8826db7e397
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=f756d836-6ab2-4adb-9dee-6cb523d7c1f5
Microsoft Office 2008 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=84dfe3f4-a2a1-47b9-8da1-29ae67230918
http://go.microsoft.com/fwlink/?LinkId=203241
Open XML File Format Converter for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=0c323a12-6385-4666-ad39-a9516a8eda14
http://go.microsoft.com/fwlink/?LinkId=203241
Microsoft Excel: 2002 - 2003
Microsoft Office for Mac: 2004 - 2008
External linkshttp://technet.microsoft.com/en-us/library/security/ms11-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU2943
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-0103
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling malformed documents. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=db2c5cfe-588c-4646-b86a-3fb8248f7af4
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=916a076d-d754-4092-b23d-c8826db7e397
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=f756d836-6ab2-4adb-9dee-6cb523d7c1f5
Microsoft Office 2008 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=84dfe3f4-a2a1-47b9-8da1-29ae67230918
http://go.microsoft.com/fwlink/?LinkId=203241
Open XML File Format Converter for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=0c323a12-6385-4666-ad39-a9516a8eda14
http://go.microsoft.com/fwlink/?LinkId=203241
Microsoft Excel: 2002 - 2003
Microsoft Office for Mac: 2004 - 2008
External linkshttp://technet.microsoft.com/en-us/library/security/ms11-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU2942
Risk: Critical
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2011-0101
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when validating record information within the methods used for RealTimeData Record Parsing. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install update from vendor's website:
Microsoft Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=db2c5cfe-588c-4646-b86a-3fb8248f7af4
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel: 2002
External linkshttp://technet.microsoft.com/en-us/library/security/ms11-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU2941
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-0098
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when parsing record information. A remote attacker can create a specially crafted Excel file with a large record size, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=db2c5cfe-588c-4646-b86a-3fb8248f7af4
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=916a076d-d754-4092-b23d-c8826db7e397
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5ae34fe0-03bd-48a9-a7ac-de8f7b1aff90
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2010 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=a427f0e2-b74d-4ef3-bec4-0a101d09bfa3
Microsoft Excel (64-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=13dca35d-2209-4c5c-9150-d6db2bb3b496
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=f756d836-6ab2-4adb-9dee-6cb523d7c1f5
Microsoft Office 2008 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=84dfe3f4-a2a1-47b9-8da1-29ae67230918
http://go.microsoft.com/fwlink/?LinkId=203241
Open XML File Format Converter for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=0c323a12-6385-4666-ad39-a9516a8eda14
http://go.microsoft.com/fwlink/?LinkId=203241
Microsoft Excel Viewer Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2d75786a-2368-4ef2-970b-fa2e57d63ca9
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=946cc611-4d75-4728-b9d3-1c8b557b02c2
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office: 2007
Microsoft Excel: 2002 - 2010
Microsoft Office for Mac: 2004 - 2008
External linkshttp://technet.microsoft.com/en-us/library/security/ms11-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU2940
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2011-0097
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer underflow when parsing record information. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=db2c5cfe-588c-4646-b86a-3fb8248f7af4
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=916a076d-d754-4092-b23d-c8826db7e397
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5ae34fe0-03bd-48a9-a7ac-de8f7b1aff90
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Excel 2010 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=a427f0e2-b74d-4ef3-bec4-0a101d09bfa3
Microsoft Excel (64-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=13dca35d-2209-4c5c-9150-d6db2bb3b496
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=f756d836-6ab2-4adb-9dee-6cb523d7c1f5
Microsoft Office 2008 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=84dfe3f4-a2a1-47b9-8da1-29ae67230918
http://go.microsoft.com/fwlink/?LinkId=203241
Open XML File Format Converter for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=0c323a12-6385-4666-ad39-a9516a8eda14
http://go.microsoft.com/fwlink/?LinkId=203241
Microsoft Excel Viewer Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2d75786a-2368-4ef2-970b-fa2e57d63ca9
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=946cc611-4d75-4728-b9d3-1c8b557b02c2
http://go.microsoft.com/fwlink/?LinkId=200529
Microsoft Office: 2007
Microsoft Excel: 2002 - 2010
Microsoft Office for Mac: 2004 - 2008
External linkshttp://technet.microsoft.com/en-us/library/security/ms11-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.