CVE-2011-0092
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
10/02/2011
Last modified:
11/04/2025
Description
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/70828
- http://secunia.com/advisories/43254
- http://www.securityfocus.com/archive/1/516274/100/0/threaded
- http://www.securityfocus.com/bid/46137
- http://www.securitytracker.com/id?1025043=
- http://www.vupen.com/english/advisories/2011/0321
- http://www.zerodayinitiative.com/advisories/ZDI-11-063/
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64923
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403
- http://osvdb.org/70828
- http://secunia.com/advisories/43254
- http://www.securityfocus.com/archive/1/516274/100/0/threaded
- http://www.securityfocus.com/bid/46137
- http://www.securitytracker.com/id?1025043=
- http://www.vupen.com/english/advisories/2011/0321
- http://www.zerodayinitiative.com/advisories/ZDI-11-063/
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64923
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403