Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051) |
Information | |||
---|---|---|---|
Name | MS07-030 | First vendor Publication | 2007-06-12 |
Vendor | Microsoft | Last vendor Modification | 2007-06-12 |
Severity (Vendor) | Important | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
This important update resolves two privately discovered and responsibly reported vulnerabilities in addition to other security issues identified during the course of the investigation. The privately reported vulnerabilities could allow remote code execution if a user opened a specially crafted Visio file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit these vulnerabilities. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/ms07-030.mspx?pubDate=2 (...) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1369 | |||
Oval ID: | oval:org.mitre.oval:def:1369 | ||
Title: | Visio Document Packaging Vulnerability | ||
Description: | Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-0936 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office Visio 2002 Microsoft Office 2003 |
Definition Id: oval:org.mitre.oval:def:1925 | |||
Oval ID: | oval:org.mitre.oval:def:1925 | ||
Title: | Version Number Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-0934 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office Visio 2002 Microsoft Office 2003 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35343 | Microsoft Visio Document Handling Crafted Packed Object Arbitrary Code Execution |
35342 | Microsoft Visio Document Handling Crafted Version Number Arbitrary Code Execu... |
Snort® IPS/IDS
Date | Description |
---|---|
2015-03-10 | Microsoft Visio packed object parsing memory corruption attempt RuleID : 33308 - Revision : 3 - Type : FILE-OTHER |
2015-03-10 | Microsoft Visio packed object parsing memory corruption attempt RuleID : 33307 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Visio version number anomaly RuleID : 26089 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Visio version number anomaly RuleID : 11836 - Revision : 19 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-06-14 | Name : Arbitrary code can be executed on the remote host through Visio. File : smb_nt_ms07-030.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-03-10 21:24:07 | |
2014-02-17 11:45:41 | |
2014-01-19 21:30:05 | |