MS11-073: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
High Nessus Plugin ID 56176
SynopsisArbitrary code can be executed on the remote host through Microsoft Office.
DescriptionThe remote Windows host is running a version of Microsoft Office that is potentially affected by two vulnerabilities :
- The application insecurely restricts the path used for loading external libraries when opening documents that use the .doc, .xls, or .ppt Office binary format and when the Office File Validation Add-in is not installed. This could lead to arbitrary code execution.
- The application may use an uninitialized object pointer when opening a Word document, which could lead to arbitrary code execution. (CVE-2011-1982)
SolutionMicrosoft has released a set of patches for Office 2003, 2007, and 2010.