Unrated severityNVD Advisory· Published Feb 10, 2011· Updated Apr 29, 2026

CVE-2011-0092

Description

The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."

Affected products

Microsoft/Visio3 versions
cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/43254nvdVendor Advisory
www.vupen.com/english/advisories/2011/0321nvdVendor Advisory
osvdb.org/70828nvd
www.securityfocus.com/archive/1/516274/100/0/threadednvd
www.securityfocus.com/bid/46137nvd
www.securitytracker.com/idnvd
www.zerodayinitiative.com/advisories/ZDI-11-063/nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008nvd
exchange.xforce.ibmcloud.com/vulnerabilities/64923nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.036
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000