Microsoft Visio Multiple Vulnerabilities( 09 April 2008 )
RISK: Medium Risk
1. Visio Object Header Vulnerability
A remote code execution vulnerability exists in the way Microsoft Visio validates object header data in specially crafted files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.
2. Visio Memory Validation Vulnerability
A remote code execution vulnerability exists in the way Microsoft Visio validates memory allocations when loading specially-crafted .DXF files from disk into memory. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Office XP Service Pack 2
- Microsoft Visio 2002 Service Pack 2 - Microsoft Office 2003 Service Pack 2
- Microsoft Visio 2003 Service Pack 2 - Microsoft Office 2003 Service Pack 3
- Microsoft Visio 2003 Service Pack 3 - 2007 Microsoft Office System
- Microsoft Visio 2007 - 2007 Microsoft Office System Service Pack 1
- Microsoft Visio 2007 Service Pack 1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Office XP Service Pack 2
- Microsoft Visio 2002 Service Pack 2 - Microsoft Office 2003 Service Pack 2
- Microsoft Visio 2003 Service Pack 2 - Microsoft Office 2003 Service Pack 3
- Microsoft Visio 2003 Service Pack 3 - 2007 Microsoft Office System
- Microsoft Visio 2007 - 2007 Microsoft Office System Service Pack 1
- Microsoft Visio 2007 Service Pack 1
Vulnerability Identifier
Source
Related Link
Share with