Microsoft Visio Insecure Library Loading Vulnerability

Last Update Date: 11 Jul 2011 10:41 Release Date: 11 Jul 2011 6248 Views

RISK: High Risk

High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A vulnerability has been identified in Microsoft Visio, which can be exploited by malicious people to compromise a vulnerable system.

 
The vulnerability is caused due to the application loading libraries (e.g. mfc71enu.dll and mfc71loc.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Microsoft Visio Stencil (".vss") file located on a remote WebDAV or SMB share.
 
Successful exploitation allows execution of arbitrary code.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Visio 2003

Solutions

  • Do not open untrusted files.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

ISC BIND Multiple Denial of Service Vulnerabilities

6 Jul 2011 6340 Views

Next

Sun Java JRE Insecure Executable Loading Vulnerability

12 Jul 2011 6421 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY