CVE-2011-0092

EPSS 44.59%
Veröffentlicht 10.02.2011 16:00:31
Zuletzt bearbeitet 29.04.2026 01:13:23
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Visio Version2002 Updatesp2

Microsoft ≫ Visio Version2003 Updatesp3

Microsoft ≫ Visio Version2007 Updatesp2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	44.59%	0.975

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://osvdb.org/70828

http://secunia.com/advisories/43254

Vendor Advisory

http://www.securityfocus.com/archive/1/516274/100/0/threaded

http://www.securityfocus.com/bid/46137

http://www.securitytracker.com/id?1025043

http://www.vupen.com/english/advisories/2011/0321

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-11-063/

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008

https://exchange.xforce.ibmcloud.com/vulnerabilities/64923

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403