CVE-2011-0977: Use After Free
First published: Thu Feb 10 2011(Updated: )
Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Excel | =2007 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft
- http://secunia.com/advisories/43216
- http://secunia.com/advisories/44015
- http://www.securitytracker.com/id?1025343
- http://www.us-cert.gov/cas/techalerts/TA11-102A.html
- http://www.vupen.com/english/advisories/2011/0942
- http://zerodayinitiative.com/advisories/ZDI-11-043/
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-023
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12339
Frequently Asked Questions
What is the severity of CVE-2011-0977?
CVE-2011-0977 is classified as a critical severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2011-0977?
To fix CVE-2011-0977, users should apply the latest security updates provided by Microsoft for affected Office versions.
What software is affected by CVE-2011-0977?
CVE-2011-0977 affects Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, and versions of Office for Mac.
Can CVE-2011-0977 be exploited remotely?
Yes, CVE-2011-0977 can be exploited remotely by attackers through malformed shape data in Office drawing files.
What are the risks associated with CVE-2011-0977?
The risks of CVE-2011-0977 include unauthorized remote code execution that can compromise system integrity and data security.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft office excel
- version/microsoft office excel/2007