Improper input validation in Microsoft Office

CVE-2011-1982

Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitial…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.610 (98.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions 2007, 2010
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

MS11-073 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:12243 (x_refsource_OVAL, signature, vdb-entry)
VU#909022 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
TA11-256A (US Government Resource, x_refsource_CERT, third-party-advisory)