Lucene search
AnonymousAniway (Aniway.Anyway AT gmail DOT com)ZDI-11-043HistoryFeb 07, 2011 - 12:00 a.m.
(0Day) Microsoft Office Drawing Object Remote Code Execution Vulnerability
2011-02-0700:00:00
AnonymousAniway (Aniway.Anyway AT gmail DOT com)
www.zerodayinitiative.com
11
0.94 High
EPSS
Percentile
99.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the applicationβs support for the office drawing file format. When parsing shape data within a particular container, the application will add a reference to an object to a linked list. If an error occurs during parsing, the application will free each element yet fail to remove the reference. Afterward, the application will use this reference. This can lead to code execution under the context of the application.
Related
cve
cve
CVE-2011-0977
2011-02-10 19:00:01
cvelist
cvelist
CVE-2011-0977
2011-02-10 18:00:00
openvas
openvas
Microsoft Excel 2007 Office Drawing Layer RCE Vulnerability
2011-02-23 00:00:00
Microsoft Office Remote Code Execution Vulnerabilities (2489293)
2011-04-13 00:00:00
seebug
seebug
Microsoft ExcelεΎε±ζ¬η©ΊζιθΏη¨δ»£η ζ§θ‘ζΌζ΄(MS11-023)
2011-04-15 00:00:00
nvd
nvd
CVE-2011-0977
2011-02-10 19:00:01
checkpoint_advisories
checkpoint_advisories
prion
prion
Design/Logic Flaw
2011-02-10 19:00:00
nessus
nessus
securityvulns
securityvulns
Microsoft Office multiple security vulnerabilities
2011-04-17 00:00:00