Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-1982 | First vendor Publication | 2011-09-15 |
| Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1982 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12243 | |||
| Oval ID: | oval:org.mitre.oval:def:12243 | ||
| Title: | Office Uninitialized Object Pointer Vulnerability | ||
| Description: | Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-1982 | Version: | 8 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Office 2007 Microsoft Office 2010 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 5 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-09-14 | Name : Microsoft Office Remote Code Execution Vulnerabilites (2587634) File : nvt/secpod_ms11-073.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 75380 | Microsoft Office MSO.dll Object Pointer Dereference Word Document Handling Re... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2011-09-15 | IAVM : 2011-A-0125 - Multiple Vulnerabilities in Microsoft Office Severity : Category II - VMSKEY : V0030246 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft product fputlsat.dll dll-load exploit attempt RuleID : 21310 - Revision : 7 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft product request for fputlsat.dll over SMB attempt RuleID : 21309 - Revision : 7 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Office BpscBulletProof uninitialized pointer dereference attempt RuleID : 20129 - Revision : 9 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft product .dll dll-load exploit attempt RuleID : 18495 - Revision : 21 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft product .dll dll-load exploit attempt RuleID : 18494 - Revision : 25 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-09-14 | Name : The remote Windows host is affected by a code execution vulnerability. File : smb_nt_ms11-071.nasl - Type : ACT_GATHER_INFO |
| 2011-09-14 | Name : Arbitrary code can be executed on the remote host through Microsoft Office. File : smb_nt_ms11-073.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:14:31 |
|
| 2021-04-22 01:15:48 |
|
| 2020-05-23 00:28:33 |
|
| 2018-10-13 05:18:32 |
|
| 2017-09-19 09:24:27 |
|
| 2016-04-26 20:46:18 |
|
| 2014-02-17 11:02:32 |
|
| 2014-01-19 21:27:51 |
|
| 2013-11-11 12:39:24 |
|
| 2013-05-10 23:00:55 |
|
