MS11-073  MS11-073 - Important : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634) - Version: 1.0

Version2011-09-13 Severity Rating: Important Revision Note: V1.0 (September 13, 2011): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Bulletin details at Microsoft.com

Related CVE Entries

CVE-2011-1980

Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
Max CVSS
9.3
EPSS Score
91.62%
Published
2011-09-15
Updated
2018-10-12

CVE-2011-1982

Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
Max CVSS
9.3
EPSS Score
86.03%
Published
2011-09-15
Updated
2018-10-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close