Executive Summary
Summary | |
---|---|
Title | Microsoft Office uninitialized object pointer vulnerability |
Information | |||
---|---|---|---|
Name | VU#909022 | First vendor Publication | 2011-09-13 |
Vendor | VU-CERT | Last vendor Modification | 2011-09-13 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#909022
Microsoft Office uninitialized object pointer vulnerability

Overview
Microsoft Office fails to properly handle certain Word documents, which may allow a remote, unauthenticated attacker to execute arbitrary code.

I. Description
Code in the MSO.dll component of Microsoft Office 2003, 2007, and 2010 fails to properly initialize an object pointer when loading binary (Word 97-2003 format) Word documents.

II. Impact
By convincing a user to open a specially crafted Office document, an attacker may be able to execute arbitrary code.

III. Solution
Apply an update
This issue is addressed in Microsoft Security Bulletin MS11-073.

References
http://technet.microsoft.com/en-us/security/bulletin/ms11-073

This issue was reported by David Warren. This document was written by David Warren.
Original Source
Url : http://www.kb.cert.org/vuls/id/909022 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12243 | |||
Oval ID: | oval:org.mitre.oval:def:12243 | ||
Title: | Office Uninitialized Object Pointer Vulnerability | ||
Description: | Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1982 | Version: | 8 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Office 2007 Microsoft Office 2010 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 5 |
OpenVAS Exploits
Date | Description |
---|---|
2011-09-14 | Name : Microsoft Office Remote Code Execution Vulnerabilites (2587634) File : nvt/secpod_ms11-073.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75380 | Microsoft Office MSO.dll Object Pointer Dereference Word Document Handling Re... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-09-15 | IAVM : 2011-A-0125 - Multiple Vulnerabilities in Microsoft Office Severity : Category II - VMSKEY : V0030246 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office BpscBulletProof uninitialized pointer dereference attempt RuleID : 20129 - Revision : 9 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-09-14 | Name : Arbitrary code can be executed on the remote host through Microsoft Office. File : smb_nt_ms11-073.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-05-08 13:28:09 | |