Show plain JSON{"id": "CVE-2011-0107", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-04-13T18:55:01.283", "references": [{"url": "http://osvdb.org/71767", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/44015", "source": "secure@microsoft.com"}, {"url": "http://www.fortiguard.com/advisory/FGA-2011-13.html", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/47246", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1025343", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0942", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-023", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12655", "source": "secure@microsoft.com"}, {"url": "http://osvdb.org/71767", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/44015", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.fortiguard.com/advisory/FGA-2011-13.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/47246", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1025343", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0942", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-023", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12655", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Office Component Insecure Library Loading Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad de b\u00fasqueda de ruta no confiable en Microsoft Office XP SP3, Office 2003 SP3 y Office 2007 SP2 permite a usuarios locales conseguir privilegios a trav\u00e9s de un troyano DLL en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo. docx, tambi\u00e9n conocida como \"Vulnerabilidad de carga de librer\u00eda insegura de Office. \""}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E"}, {"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA"}, {"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://www.microsoft.com/technet/security/Bulletin/MS11-023.mspx\r\n\r\nAccess Vector: Network per \"This is a remote code execution vulnerability\"", "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html \r\n'CWE-426: Untrusted Search Path'", "sourceIdentifier": "secure@microsoft.com"}