CVE-2011-1979

Microsoft Visio 2003 SP3 and 2007 SP2 - Remote Code Execution via Crafted File Parsing

Title source: llm
STIX 2.1

Description

Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12659
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-221A.html

Scores

EPSS 0.2220
EPSS Percentile 97.4%

Details

CWE
CWE-20
Status published
Products (2)
microsoft/visio 2003 sp3
microsoft/visio 2007 sp2
Published Aug 10, 2011
Tracked Since Feb 18, 2026