9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.7%
Added: 06/15/2012
CVE: CVE-2011-3400
BID: 50977
OSVDB: 77663
Object Linking and Embedding (OLE) allows applications to create and edit compound documents. For example, a Microsoft Excel spreadsheet can be embedded within a Microsoft Word application.
A vulnerability when handling OLE objects in memory allows command execution when a user opens a file containing a specially crafted OLE object.
Apply the patch referenced in Microsoft Security Bulletin 11-093.
<http://technet.microsoft.com/en-us/security/bulletin/ms11-093>
Exploit works on Microsoft Visio Viewer 2010 and requires a user to open the exploit page in Internet Explorer 7.
Windows XP