CVE-2011-1979

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICAL
EPSS
57.9%
top 1.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Visio
Timeline
PublishedAug 10
Latest updateMay 14

Description

Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/visio2003, 2007+1

🔴Vulnerability Details

2
GHSA
GHSA-jr54-2c44-3rq2: Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute2022-05-14
CVEList
CVE-2011-1979: Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute2011-08-10
CVE-2011-1979 (CRITICAL CVSS 9.3) | Microsoft Visio 2003 SP3 and 2007 S | cvebase.io