CVE-2011-1972

CVE Database · CVE-2011-1972

CVE-2011-1972

· N/AModified

CVSS v3.1

N/A

EPSS

22.20%

Published

Aug 10, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."

Weaknesses (CWE)

CWE-20

Affected Products (6)

microsoft · visiovulnerable

References (6)

http://www.us-cert.gov/cas/techalerts/TA11-221A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852

http://www.us-cert.gov/cas/techalerts/TA11-221A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852

KEV Catalog EPSS Scores Vendors All CVEs