BID:53328

Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability

Info

Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability

Bugtraq ID:	53328
Class:	Unknown
CVE:	CVE-2012-0018
Remote:	Yes
Local:	No
Published:	May 08 2012 12:00AM
Updated:	May 08 2012 12:00AM
Credit:	Luigi Auriemma working with VeriSign iDefense Labs
Vulnerable:	Microsoft Visio Viewer 2010 (64-bit Edition) SP1 Microsoft Visio Viewer 2010 (64-bit Edition) 0 Microsoft Visio Viewer 2010 (32-bit Edition) SP1 Microsoft Visio Viewer 2010 (32-bit Edition) 0

Not Vulnerable:

Discussion

Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability

Microsoft Visio Viewer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

Exploit / POC

Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability

Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability

Solution:
Vendor updates are available. Please see the references for more information.

Microsoft Visio Viewer 2010 (64-bit Edition) 0

Microsoft Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=331d8247-559c -4040-bdea-84cb6fd5dee2

Microsoft Visio Viewer 2010 (32-bit Edition) SP1

Microsoft Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=0d21d110-c787 -49b6-8384-6eaf9da5a38f

Microsoft Visio Viewer 2010 (32-bit Edition) 0

Microsoft Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=0d21d110-c787 -49b6-8384-6eaf9da5a38f

Microsoft Visio Viewer 2010 (64-bit Edition) SP1

Microsoft Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=331d8247-559c -4040-bdea-84cb6fd5dee2

References

Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability

References:

Visio Homepage (Microsoft)
Microsoft Security Bulletin MS12-031 (Microsoft)