CVE-2011-1982

Microsoft Office 2007 SP2 and 2010 Gold/SP1 - Remote Code Execution via Crafted Word Document

Title source: llm
STIX 2.1

Description

Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12243
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/909022
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-256A.html

Scores

EPSS 0.2770
EPSS Percentile 97.9%

Details

CWE
CWE-20
Status published
Products (2)
microsoft/office 2007 sp2
microsoft/office 2010 (4 CPE variants)
Published Sep 15, 2011
Tracked Since Feb 18, 2026