Microsoft Visio 'DXF' File Insertion Buffer Overflow Vulnerability
BID:39836
Info
| Bugtraq ID: | 39836 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2010-1681 |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2010 12:00AM |
| Updated: | Sep 08 2010 11:22AM |
| Credit: | Daniel Kazimirow, from Core Security Technologies |
| Vulnerable: | Microsoft Visio 2007 SP2, Microsoft Visio 2007 SP1, Microsoft Visio 2003 SP3, Microsoft Visio 2002 SP2 |
| Not Vulnerable: | |
Discussion
Microsoft Visio is prone to a remote buffer-overflow vulnerability. This issue arises when the application processes a malicious file.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
The following exploit code is available:
Solution / Fix
Solution:
This issue is reported to be patched in Microsoft security advisory MS10-028; please see the references for more information.
Microsoft Visio 2002 SP2
- Microsoft Security Update for Microsoft Visio 2002 (KB979364)
  http://www.microsoft.com/downloads/details.aspx?familyid=2d563cbc-d8f7-486b-8c54-25d168085376

Microsoft Visio 2003 SP3
- Microsoft Security Update for Microsoft Office Visio 2003 (KB979356)
  http://www.microsoft.com/downloads/details.aspx?familyid=803a7ea0-a9da-46dd-9548-0177d3774be7

Microsoft Visio 2007 SP1
- Microsoft Security Update for Microsoft Office Visio 2007 (KB979365)
  http://www.microsoft.com/downloads/details.aspx?familyid=56fe020f-4444-4a43-aa98-e99a622f6a69

Microsoft Visio 2007 SP2
- Microsoft Security Update for Microsoft Office Visio 2007 (KB979365)
  http://www.microsoft.com/downloads/details.aspx?familyid=56fe020f-4444-4a43-aa98-e99a622f6a69
References
References:
- Microsoft Office Visio DXF File Insertion Buffer Overflow (Core Security Technologies)
- Visio Homepage (Microsoft)
- Microsoft Security Bulletin MS10-028 (Microsoft)