CVE-2011-1972
critical
Microsoft CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
55.4%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: August 10, 2011 (5391 days ago)
Last Modified: April 29, 2026
Vendor: Microsoft
Source: NVD
Vulnerability Report
Generated by CyberWatcher
Description
Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
CWE
CWE-20Affected Products
microsoft visio