Vulnerability Details : CVE-2011-0977
Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2011-0977
- cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0977
93.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0977
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2011-0977
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0977
-
http://www.vupen.com/english/advisories/2011/0942
Webmail | OVH- OVH
-
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
http://zerodayinitiative.com/advisories/ZDI-11-043/
ZDI-11-043 | Zero Day Initiative
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-023
Microsoft Security Bulletin MS11-023 - Important | Microsoft Docs
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12339
Repository / Oval Repository
-
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft
Threat Intelligence | Digital Vaccine® | ThreatLinQ | Trend Micro
-
http://www.securitytracker.com/id?1025343
Microsoft Office DLL Loading and Graphic Object Processing Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
Jump to