Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2011-1972

Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."

  • Published: Aug 10, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-1972
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
microsoft / visio 2010-sp1 2010-sp1.x
microsoft / visio 2007-sp2 2007-sp2.x
microsoft / visio 2010 2010.x
microsoft / visio 2003-sp3 2003-sp3.x