{"vuid":"VU#909022","idnumber":"909022","name":"Microsoft Office uninitialized object pointer vulnerability","keywords":["microsoft","office","uninitialized pointer","FOE"],"overview":"Microsoft Office fails to properly handle certain Word documents, which may allow a remote, unauthenticated attacker to execute arbitrary code.","clean_desc":"Code in the MSO.dll component of Microsoft Office 2003, 2007, and 2010 fails to properly initialize an object pointer when loading binary (Word 97-2003 format) Word documents.","impact":"By convincing a user to open a specially crafted Office document, an attacker may be able to execute arbitrary code.","resolution":"Apply an update This issue is addressed in Microsoft Security Bulletin MS11-073.","workarounds":"Block Office 2003 and earlier documents from untrusted sources Microsoft Security Bulletin MS11-073 details how to use the Microsoft Office File Block policy to prevent specific file format types from being opened in Microsoft Office.","sysaffected":"","thanks":"This issue was reported by David Warren.","author":"This document was written by David Warren.","public":["http://technet.microsoft.com/en-us/security/bulletin/ms11-073","http://technet.microsoft.com/en-us/library/cc179230.aspx"],"cveids":["CVE-2011-1982"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-11-30T18:52:41Z","publicdate":"2011-09-13T00:00:00Z","datefirstpublished":"2011-09-13T19:20:16Z","dateupdated":"2012-03-28T15:13:10Z","revision":25,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"2","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.62","cam_scorecurrentwidelyknown":"2.07","cam_scorecurrentwidelyknownexploited":"3.87","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:P","cvss_temporalscore":"7","cvss_environmentalscore":"7","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":1.62,"vulnote":null}