CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2011-1972

Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.61

EPSS Ranking 98.2%

CVSS Severity

CVSS v2 Score 9.3

References

http://www.us-cert.gov/cas/techalerts/TA11-221A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852
http://www.us-cert.gov/cas/techalerts/TA11-221A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852

Products affected by CVE-2011-1972

Microsoft » Visio » Version: 2003

cpe:2.3:a:microsoft:visio:2003
Microsoft » Visio » Version: 2007

cpe:2.3:a:microsoft:visio:2007
Microsoft » Visio » Version: 2010

cpe:2.3:a:microsoft:visio:2010

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-1972

Products

Pricing

Contact Us