CVE-2011-0976
Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka "OfficeArt Atom RCE Vulnerability."
Microsoft Office PowerPoint 2007 does not properly handle Office Art containers, which allows remote attackers to execute arbitrary code via a container that triggers access to an uninitialized object.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists with the way the application will parse external objects within an Office Art container. When parsing this object, the application will append an uninitialized object to a list. When destroying this object during document close (WM_DESTROY), the application will access a method that doesn't exist. This can lead to code execution under the context of the application.
SSVC
- Decision: -
Timeline
- 2011-02-07 CVE Published
- 2011-02-10 CVE Reserved
- 2024-08-06 CVE Updated
- 2024-11-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (9)
URL | Tag | Source |
---|---|---|
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft | X_refsource_misc | |
http://secunia.com/advisories/43213 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/516233/100/0/threaded | Mailing List | |
http://www.securitytracker.com/id?1025340 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA11-102A.html | Third Party Advisory | |
http://www.vupen.com/english/advisories/2011/0941 | Vdb Entry | |
http://zerodayinitiative.com/advisories/ZDI-11-044 | X_refsource_misc | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11978 | Signature | |
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 | 2018-10-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Powerpoint | 2007 | - | Affected |