CVE-2011-0107

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."

Vulnerabilidad de búsqueda de ruta no confiable en Microsoft Office XP SP3, Office 2003 SP3 y Office 2007 SP2 permite a usuarios locales conseguir privilegios a través de un troyano DLL en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo. docx, también conocida como "Vulnerabilidad de carga de librería insegura de Office. "

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-12-21 CVE Reserved
2011-04-13 CVE Published
2024-08-06 CVE Updated
2024-10-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
http://osvdb.org/71767	Vdb Entry
http://secunia.com/advisories/44015	Third Party Advisory
http://www.fortiguard.com/advisory/FGA-2011-13.html	X_refsource_misc
http://www.securityfocus.com/bid/47246	Vdb Entry
http://www.securitytracker.com/id?1025343	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA11-102A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0942	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12655	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-023	2018-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2003 Search vendor "Microsoft" for product "Office" and version "2003"		sp3		Affected
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2007 Search vendor "Microsoft" for product "Office" and version "2007"		sp2		Affected
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				xp Search vendor "Microsoft" for product "Office" and version "xp"		sp3		Affected