CVE-2011-0092
Last modified
CVE-2011-0092 is a vulnerability of currently unknown severity. The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability.". EPSS estimates a 24.22% chance of exploitation in the next 30 days.
Description
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Visio | 2002 | Sp2 |
| Microsoft | Visio | 2003 | Sp3 |
| Microsoft | Visio | 2007 | Sp2 |
References
- http://secunia.com/advisories/43254Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0321Vendor Advisory
- http://secunia.com/advisories/43254Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0321Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-0092?
How severe is CVE-2011-0092?
How do I fix CVE-2011-0092?
Are you affected by CVE-2011-0092?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST