CVE-2011-1982

Опубликовано: 15 сент. 2011

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."

Ссылки

http://www.kb.cert.org/vuls/id/909022
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12243
http://www.kb.cert.org/vuls/id/909022
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12243

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*

cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*

cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*

cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*

EPSS

Процентиль: 98%

0.58519

Средний

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-r6xm-v62q-jv5w

github

больше 3 лет назад