Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0977

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-0977
Last Modified 04 Oct 2011 10:52:42
Published 10 Feb 2011 02:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0977

Summary

Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."

Vulnerable Systems

Application

  • Microsoft Excel 2007


References

CERT - TA11-102A

MISC - http://zerodayinitiative.com/advisories/ZDI-11-043/

VUPEN - ADV-2011-0942

SECTRACK - 1025343

MS - MS11-023

SECUNIA - 44015

SECUNIA - 43216

MISC - http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft


Last Updated: 27 May 2016 10:56:07