CVE-2011-1980

Executive Summary

Informations
Name	CVE-2011-1980	First vendor Publication	2011-09-15
Vendor	Cve	Last vendor Modification	2012-06-04

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1980

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12694

Oval ID:	oval:org.mitre.oval:def:12694
Title:	Office Component Insecure Library Loading Vulnerability
Description:	Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1980	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Microsoft Office 2003 Microsoft Office 2007
Definition Synopsis:
Microsoft Office 2003 Microsoft Office 2003 is installed AND Mso.dll version is less than 11.0.8341.0 OR Microsoft Office 2007 Microsoft Office 2007 is installed AND Mso.dll version is less than 12.0.6562.5003

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Office cpe:/a:microsoft:office:2007:sp2 cpe:/a:microsoft:office:2003:sp3	2

Open Source Vulnerability Database (OSVDB)

id	Description
75379	Microsoft Office MSO.dll Path Subversion Arbitrary DLL Injection Code Execution

Internal Sources (Detail)

Source	Url
CERT	http://www.us-cert.gov/cas/techalerts/TA11-256A.html
MS	http://technet.microsoft.com/en-us/security/bulletin/MS11-073

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:00:55	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	2
osvdb(s)	1

Related	Severity
TA11-256A	(Critical)
MS11-073	(Critical)

Same Subject	Severity
Login to view 19 more Alert(s)

CVE-2011-1980

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU