VYPR
Unrated severityNVD Advisory· Published Feb 10, 2011· Updated Jun 16, 2026

CVE-2011-0092

CVE-2011-0092

Description

The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Microsoft/Visio4 versions
    cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*
    • (no CPE)range: 2002 SP2, 2003 SP3, 2007 SP2

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.