Vulnerability Note VU#909022
Microsoft Office uninitialized object pointer vulnerability
Microsoft Office fails to properly handle certain Word documents, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Code in the MSO.dll component of Microsoft Office 2003, 2007, and 2010 fails to properly initialize an object pointer when loading binary (Word 97-2003 format) Word documents.
By convincing a user to open a specially crafted Office document, an attacker may be able to execute arbitrary code.
Apply an update
This issue is addressed in Microsoft Security Bulletin MS11-073.
Block Office 2003 and earlier documents from untrusted sources
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||30 Nov 2010||13 Sep 2011|
CVSS Metrics (Learn More)
This issue was reported by David Warren.
This document was written by David Warren.
- CVE IDs: CVE-2011-1982
- Date Public: 13 Sep 2011
- Date First Published: 13 Sep 2011
- Date Last Updated: 28 Mar 2012
- Severity Metric: 1.62
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.