Skip to main content

Microsoft Visio Multiple Vulnerabilities( 09 April 2008 )

Last Update Date: 28 Jan 2011 Release Date: 9 Apr 2008 5212 Views

RISK: Medium Risk

1. Visio Object Header Vulnerability

A remote code execution vulnerability exists in the way Microsoft Visio validates object header data in specially crafted files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

2. Visio Memory Validation Vulnerability

A remote code execution vulnerability exists in the way Microsoft Visio validates memory allocations when loading specially-crafted .DXF files from disk into memory. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Office XP Service Pack 2
    - Microsoft Visio 2002 Service Pack 2
  • Microsoft Office 2003 Service Pack 2
    - Microsoft Visio 2003 Service Pack 2
  • Microsoft Office 2003 Service Pack 3
    - Microsoft Visio 2003 Service Pack 3
  • 2007 Microsoft Office System
    - Microsoft Visio 2007
  • 2007 Microsoft Office System Service Pack 1
    - Microsoft Visio 2007 Service Pack 1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link