Lucene search

[email protected]CVE-2011-1982

HistorySep 15, 2011 - 12:26 p.m.

CVE-2011-1982

2011-09-1512:26:48

CWE-20

[email protected]

web.nvd.nist.gov

microsoft office

cve-2011-1982

uninitialized object pointer

vulnerability

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.903 High

EPSS

Percentile

98.8%

JSON

Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka “Office Uninitialized Object Pointer Vulnerability.”

Affected configurations

NVD

Node

microsoftofficeMatch2007sp2

microsoftofficeMatch2010x32

microsoftofficeMatch2010x64

microsoftofficeMatch2010sp1x32

microsoftofficeMatch2010sp1x64

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2010

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2010

References

www.kb.cert.org/vuls/id/909022

www.us-cert.gov/cas/techalerts/TA11-256A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12243

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.903 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2011-1982

cvelist1 cert1 seebug1 checkpoint_advisories1 prion1 nvd1 symantec1 mskb1 openvas2 nessus1 securityvulns1