Executive Summary

Summary
Title Microsoft Office uninitialized object pointer vulnerability
Informations
NameVU#909022First vendor Publication2011-09-13
VendorVU-CERTLast vendor Modification2011-09-13
Severity (Vendor) N/ARevisionM

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#909022

Microsoft Office uninitialized object pointer vulnerability

Overview

Microsoft Office fails to properly handle certain Word documents, which may allow a remote, unauthenticated attacker to execute arbitrary code.

I. Description

Code in the MSO.dll component of Microsoft Office 2003, 2007, and 2010 fails to properly initialize an object pointer when loading binary (Word 97-2003 format) Word documents.

II. Impact

By convincing a user to open a specially crafted Office document, an attacker may be able to execute arbitrary code.

III. Solution

Apply an update

This issue is addressed in Microsoft Security Bulletin MS11-073.

Block Office 2003 and earlier documents from untrusted sources

Microsoft Security Bulletin MS11-073 details how to use the Microsoft Office File Block policy to prevent specific file format types from being opened in Microsoft Office.

Vendor Information

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected2010-11-302011-09-13

References

http://technet.microsoft.com/en-us/security/bulletin/ms11-073
http://technet.microsoft.com/en-us/library/cc179230.aspx

Credit

This issue was reported by David Warren.

This document was written by David Warren.

Other Information

Date Public:2011-09-13
Date First Published:2011-09-13
Date Last Updated:2011-09-13
CERT Advisory:Â
CVE-ID(s):CVE-2011-1982
NVD-ID(s):CVE-2011-1982
US-CERT Technical Alerts:Â
Severity Metric:1.62
Document Revision:21

Original Source

Url : http://www.kb.cert.org/vuls/id/909022

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12243
 
Oval ID: oval:org.mitre.oval:def:12243
Title: Office Uninitialized Object Pointer Vulnerability
Description: Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1982
Version: 8
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Office 2007
Microsoft Office 2010
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application5

OpenVAS Exploits

DateDescription
2011-09-14Name : Microsoft Office Remote Code Execution Vulnerabilites (2587634)
File : nvt/secpod_ms11-073.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
75380Microsoft Office MSO.dll Object Pointer Dereference Word Document Handling Re...

Information Assurance Vulnerability Management (IAVM)

DateDescription
2011-09-15IAVM : 2011-A-0125 - Multiple Vulnerabilities in Microsoft Office
Severity : Category II - VMSKEY : V0030246

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft Office BpscBulletProof uninitialized pointer dereference attempt
RuleID : 20129 - Revision : 9 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

DateDescription
2011-09-14Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms11-073.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2015-05-08 13:28:09
  • Multiple Updates