CVE-2011-3413

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICAL

EPSS

52.4%

top 2.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office Compatibility Pack Microsoft Powerpoint +1 more

Timeline

PublishedDec 14

Latest updateMay 14

Description

Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/powerpoint_viewer2007

▶NVDmicrosoft/powerpoint2007

▶NVDmicrosoft/office_compatibility_pack2007

▶NVDmicrosoft/office2008

🔴Vulnerability Details

GHSA

GHSA-ggx2-877f-x836: Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Vi↗2022-05-14

▶

CVEList

CVE-2011-3413: Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Vi↗2011-12-14

▶