Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1972

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-1972
Last Modified 04 Oct 2011 10:54:28
Published 10 Aug 2011 05:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1972

Summary

Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."

Vulnerable Systems

Application

  • Microsoft Visio 2003

  • Microsoft Visio 2007

  • Microsoft Visio 2010


References

CERT - TA11-221A

MS - MS11-060

Related Patches

MS11-060 Security Update for Microsoft Visio 2010, 32-Bit Edition (KB2553008)

MS11-060 Security Update for Microsoft Visio 2010, 64-Bit Edition (KB2553008)

MS11-060 2560978 2553009 (English/MUI) Security Update for Microsoft Visio 2003

MS11-060 2560978 2553008 Security Update for Microsoft Visio 2010 (All Languages)


Last Updated: 27 May 2016 10:56:52