CVE-2011-0977

Published Feb 10, 2011

Last updated 6 years ago

Overview

Description: Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-399

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References