CVE-2011-0977

HIGH

Description

Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."

References

http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft

http://secunia.com/advisories/43216

http://secunia.com/advisories/44015

http://www.securitytracker.com/id?1025343

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

http://www.vupen.com/english/advisories/2011/0942

http://zerodayinitiative.com/advisories/ZDI-11-043/

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-023

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12339

Details

Source: MITRE

Published: 2011-02-10

Updated: 2018-10-12

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*

Tenable Plugins


ID | Name | Product | Family | Severity
53380 | MS11-023: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293) | Nessus | Windows : Microsoft Bulletins | high
53374 | MS11-021 / MS11-022 / MS11-023: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489279 / 2489283 / 2489293) (Mac OS X) | Nessus | MacOS X Local Security Checks | high