CVE-2011-0092
CVSS V2 High 9.3
CVSS V3 None
Description
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
Overview
- CVE ID
- CVE-2011-0092
- Assigner
- secure@microsoft.com
- Vulnerability Status
- Modified
- Published Version
- 2011-02-10T16:00:31
- Last Modified Date
- 2018-10-12T21:59:23
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 9.3
- Severity
- HIGH
- Exploitability Score
- 8.6
- Impact Score
- 10
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2011-0092 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0092 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 18:24:32 | Added to TrackCVE |