CVE-2011-1972

EPSS 61.03%
Published 10.08.2011 21:55:01
Last modified 11.04.2025 00:51:21
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Visio Version2003 Updatesp3

Microsoft ≫ Visio Version2007 Updatesp2

Microsoft ≫ Visio Version2010 Editionx32

Microsoft ≫ Visio Version2010 Editionx64

Microsoft ≫ Visio Version2010 Updatesp1 Editionx32

Microsoft ≫ Visio Version2010 Updatesp1 Editionx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	61.03%	0.981

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.us-cert.gov/cas/techalerts/TA11-221A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852

https://nvd.nist.gov/vuln/detail/CVE-2011-1972

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1972

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1972

EUVD