| ID |
CVE-2011-1983
|
| Summary |
Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 12-10-2018 - 22:01) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| msbulletin
via4
|
| bulletin_id | MS11-089 | | bulletin_url | | | date | 2011-12-13T00:00:00 | | impact | Remote Code Execution | | knowledgebase_id | 2590602 | | knowledgebase_url | | | severity | Important | | title | Vulnerability in Microsoft Office Could Allow Remote Code Execution |
|
| oval
via4
|
| accepted | 2012-03-05T04:00:07.990-05:00 | | class | vulnerability | | contributors | | name | Josh Turpin | | organization | Symantec Corporation |
| name | Josh Turpin | | organization | Symantec Corporation |
| | definition_extensions | | comment | Microsoft Windows XP (x86) SP3 is installed | | oval | oval:org.mitre.oval:def:5631 |
| comment | Microsoft Windows XP x64 Edition SP2 is installed | | oval | oval:org.mitre.oval:def:4193 |
| comment | Microsoft Windows Server 2003 SP2 (x64) is installed | | oval | oval:org.mitre.oval:def:2161 |
| comment | Microsoft Windows Server 2003 SP2 (x86) is installed | | oval | oval:org.mitre.oval:def:1935 |
| comment | Microsoft Windows Server 2003 (ia64) SP2 is installed | | oval | oval:org.mitre.oval:def:1442 |
| comment | Microsoft Windows Vista (32-bit) Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:6124 |
| comment | Microsoft Windows Vista x64 Edition Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:5594 |
| comment | Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:5653 |
| comment | Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:6216 |
| comment | Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:6150 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Windows 7 (32-bit) Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:12292 |
| comment | Microsoft Windows 7 x64 Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:12627 |
| comment | Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:12567 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:12583 |
| | description | Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability." | | family | windows | | id | oval:org.mitre.oval:def:14197 | | status | accepted | | submitted | 2012-01-10T13:00:00 | | title | Assembly Execution Vulnerability | | version | 76 |
| accepted | 2014-05-26T04:00:07.467-04:00 | | class | vulnerability | | contributors | | name | Josh Turpin | | organization | Symantec Corporation |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | definition_extensions | | comment | Microsoft Office 2007 SP2 is installed | | oval | oval:org.mitre.oval:def:15607 |
| comment | Microsoft Office 2007 SP3 is installed | | oval | oval:org.mitre.oval:def:15704 |
| comment | Microsoft Office 2010 is installed | | oval | oval:org.mitre.oval:def:12061 |
| | description | Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability." | | family | windows | | id | oval:org.mitre.oval:def:14558 | | status | accepted | | submitted | 2011-12-13T13:00:00 | | title | TrueType Font Parsing Vulnerability | | version | 21 |
|
| refmap
via4
|
| cert | TA11-347A | | sectrack | 1026409 |
|
| Last major update |
12-10-2018 - 22:01 |
| Published |
14-12-2011 - 00:55 |
| Last modified |
12-10-2018 - 22:01 |
