CVE-2011-1972
Microsoft Visio 2003 SP3, 2007 SP2, 2010 Gold and SP1 - Remote Code Execution via Crafted File Parsing
Title source: llmDescription
Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-221A.html
Scores
EPSS
0.2220
EPSS Percentile
97.4%
Details
CWE
CWE-20
Status
published
Products (3)
microsoft/visio
2003 sp3
microsoft/visio
2007 sp2
microsoft/visio
2010 (4 CPE variants)
Published
Aug 10, 2011
Tracked Since
Feb 18, 2026