CVE-2011-1982
Microsoft Office 2007 SP2 and 2010 Gold/SP1 - Remote Code Execution via Crafted Word Document
Title source: llmDescription
Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12243
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/909022
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
Scores
EPSS
0.2770
EPSS Percentile
97.9%
Details
CWE
CWE-20
Status
published
Products (2)
microsoft/office
2007 sp2
microsoft/office
2010 (4 CPE variants)
Published
Sep 15, 2011
Tracked Since
Feb 18, 2026