CVE-2011-0092
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.5%
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka “Visio Object Memory Corruption Vulnerability.”
Affected configurations
References
osvdb.org/70828
secunia.com/advisories/43254
www.securityfocus.com/archive/1/516274/100/0/threaded
www.securityfocus.com/bid/46137
www.securitytracker.com/id?1025043
www.vupen.com/english/advisories/2011/0321
www.zerodayinitiative.com/advisories/ZDI-11-063/
docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008
exchange.xforce.ibmcloud.com/vulnerabilities/64923
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.5%