Executive Summary

Summary
Title Microsoft Office uninitialized object pointer vulnerability
Informations
Name VU#909022 First vendor Publication 2011-09-13
Vendor VU-CERT Last vendor Modification 2011-09-13
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#909022

Microsoft Office uninitialized object pointer vulnerability

Overview

Microsoft Office fails to properly handle certain Word documents, which may allow a remote, unauthenticated attacker to execute arbitrary code.

I. Description

Code in the MSO.dll component of Microsoft Office 2003, 2007, and 2010 fails to properly initialize an object pointer when loading binary (Word 97-2003 format) Word documents.

II. Impact

By convincing a user to open a specially crafted Office document, an attacker may be able to execute arbitrary code.

III. Solution

Apply an update

This issue is addressed in Microsoft Security Bulletin MS11-073.

Block Office 2003 and earlier documents from untrusted sources

Microsoft Security Bulletin MS11-073 details how to use the Microsoft Office File Block policy to prevent specific file format types from being opened in Microsoft Office.

Vendor Information

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected2010-11-302011-09-13

References

http://technet.microsoft.com/en-us/security/bulletin/ms11-073
http://technet.microsoft.com/en-us/library/cc179230.aspx

Credit

This issue was reported by David Warren.

This document was written by David Warren.

Other Information

Date Public:2011-09-13
Date First Published:2011-09-13
Date Last Updated:2011-09-13
CERT Advisory: 
CVE-ID(s):CVE-2011-1982
NVD-ID(s):CVE-2011-1982
US-CERT Technical Alerts: 
Severity Metric:1.62
Document Revision:21

Original Source

Url : http://www.kb.cert.org/vuls/id/909022

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12243
 
Oval ID: oval:org.mitre.oval:def:12243
Title: Office Uninitialized Object Pointer Vulnerability
Description: Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1982
Version: 8
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Office 2007
Microsoft Office 2010
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5

OpenVAS Exploits

Date Description
2011-09-14 Name : Microsoft Office Remote Code Execution Vulnerabilites (2587634)
File : nvt/secpod_ms11-073.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
75380 Microsoft Office MSO.dll Object Pointer Dereference Word Document Handling Re...

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-09-15 IAVM : 2011-A-0125 - Multiple Vulnerabilities in Microsoft Office
Severity : Category II - VMSKEY : V0030246

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Office BpscBulletProof uninitialized pointer dereference attempt
RuleID : 20129 - Revision : 9 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2011-09-14 Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms11-073.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2015-05-08 13:28:09
  • Multiple Updates