ID CVE-2011-1980
Summary Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/MS11-073 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 22:01)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS11-073
bulletin_url
date 2011-09-13T00:00:00
impact Remote Code Execution
knowledgebase_id 2587634
knowledgebase_url
severity Important
title Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
oval via4
accepted 2014-05-26T04:00:07.120-04:00
class vulnerability
contributors
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Office 2003 SP3 is installed
    oval oval:org.mitre.oval:def:15626
  • comment Microsoft Office 2007 SP2 is installed
    oval oval:org.mitre.oval:def:15607
description Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
family windows
id oval:org.mitre.oval:def:12694
status accepted
submitted 2011-09-13T13:00:00
title Office Component Insecure Library Loading Vulnerability
version 15
refmap via4
cert TA11-256A
Last major update 12-10-2018 - 22:01
Published 15-09-2011 - 12:26
Last modified 12-10-2018 - 22:01
Back to Top