Microsoft Visio Attribute Validation Memory Corruption Remote Code Execution Vulnerability
BID:39300
Info
| Bugtraq ID: | 39300 |
| Class: | Unknown |
| CVE: | CVE-2010-0254 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2010 12:00AM |
| Updated: | May 14 2010 03:11PM |
| Credit: | Bing Liu of Fortinet's FortiGuard Labs |
| Vulnerable: | Microsoft Visio 2007 SP2; Microsoft Visio 2007 SP1; Microsoft Visio 2003 SP3; Microsoft Visio 2002 SP2 |
| Not Vulnerable: | |
Discussion
Microsoft Visio is prone to a remote code-execution vulnerability. This issue arises when the application processes a malicious file.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Solution:
The vendor has released an advisory and fixes. Please see the references for more information.
Microsoft Visio 2002 SP2
- Microsoft Security Update for Microsoft Visio 2002 (KB979364)
  http://www.microsoft.com/downloads/details.aspx?familyid=2d563cbc-d8f7-486b-8c54-25d168085376
Microsoft Visio 2003 SP3
- Microsoft Security Update for Microsoft Office Visio 2003 (KB979356)
  http://www.microsoft.com/downloads/details.aspx?familyid=803a7ea0-a9da-46dd-9548-0177d3774be7
Microsoft Visio 2007 SP1
- Microsoft Security Update for Microsoft Office Visio 2007 (KB979365)
  http://www.microsoft.com/downloads/details.aspx?familyid=56fe020f-4444-4a43-aa98-e99a622f6a69
Microsoft Visio 2007 SP2
- Microsoft Security Update for Microsoft Office Visio 2007 (KB979365)
  http://www.microsoft.com/downloads/details.aspx?familyid=56fe020f-4444-4a43-aa98-e99a622f6a69
References
References:
- FGA-2010-17: Fortinet Discovers Multiple Microsoft Visio Vulnerabilities (MS10-0 (Fortinet)
- Visio Homepage (Microsoft)
- Microsoft Security Bulletin MS10-028 (Microsoft)