CVE-2011-1972
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
Microsoft Visio 2003 SP3, 2007 SP2 y 2010 Gold y SP1 no valida adecuadamente los objetos en memoria durante el análisis sintáctico del fichero Visio, esto permite a atacantes remotos ejecutar código de su elección mediante un fichero manipulado. También se conoce como "Vulnerabildiad en pStream Release RCE".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-05-09 CVE Reserved
- 2011-08-10 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA11-221A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2003 Search vendor "Microsoft" for product "Visio" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2007 Search vendor "Microsoft" for product "Visio" and version "2007" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2010 Search vendor "Microsoft" for product "Visio" and version "2010" | x32 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2010 Search vendor "Microsoft" for product "Visio" and version "2010" | x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2010 Search vendor "Microsoft" for product "Visio" and version "2010" | sp1, x32 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2010 Search vendor "Microsoft" for product "Visio" and version "2010" | sp1, x64 |
Affected
| ||||||