Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2012-02-14 |
| Product | Visio Viewer | Last view | 2016-06-15 |
| Version | 2002 | Type | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2016-06-15 | CVE-2016-3235 | Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." |
| 9.3 | 2013-03-12 | CVE-2013-0079 | Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability." |
| 9.3 | 2012-08-14 | CVE-2012-1888 | Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability." |
| 9.3 | 2012-05-08 | CVE-2012-0018 | Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability." |
| 9.3 | 2012-02-14 | CVE-2012-0138 | Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137. |
| 9.3 | 2012-02-14 | CVE-2012-0137 | Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138. |
| 9.3 | 2012-02-14 | CVE-2012-0136 | Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138. |
| 9.3 | 2012-02-14 | CVE-2012-0020 | Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. |
| 9.3 | 2012-02-14 | CVE-2012-0019 | Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 71% (5) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 14% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:14347 | VSD File Format Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:14965 | VSD File Format Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:14924 | VSD File Format Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:14602 | VSD File Format Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:14811 | VSD File Format Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:15606 | VSD File Format Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:15811 | Visio DXF File Format Buffer Overflow Vulnerability - MS12-059 |
| oval:org.mitre.oval:def:16300 | Visio Viewer Tree Object Type Confusion Vulnerability - MS13-023 |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-08-15 | Name : Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918) File : nvt/secpod_ms12-059.nasl |
| 2012-05-09 | Name : Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981) File : nvt/secpod_ms12-031.nasl |
| 2012-02-15 | Name : Microsoft Office Visio Viewer Remote Code Execution Vulnerabilities (2663510) File : nvt/secpod_ms12-015.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-B-0028 | Microsoft Visio Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0037412 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Office Visio TAG_xxxSect code execution attempt RuleID : 26973 - Type : FILE-OFFICE - Revision : 8 |
| 2014-01-10 | Microsoft Office Visio TAG_xxxSheet code execution attempt RuleID : 26164 - Type : FILE-OFFICE - Revision : 6 |
| 2014-01-10 | Microsoft Office Visio TAG_xxxSheet code execution attempt RuleID : 26163 - Type : FILE-OFFICE - Revision : 6 |
| 2014-01-10 | Microsoft Office Visio DXF file text overflow attempt RuleID : 23957 - Type : FILE-OFFICE - Revision : 9 |
| 2014-01-10 | Microsoft Office Visio DXF file text overflow attempt RuleID : 23956 - Type : FILE-OFFICE - Revision : 6 |
| 2014-01-10 | Microsoft Office Visio DXF file text overflow attempt RuleID : 23843 - Type : FILE-OFFICE - Revision : 10 |
| 2014-01-10 | Microsoft Office Visio DXF file text overflow attempt RuleID : 23842 - Type : FILE-OFFICE - Revision : 13 |
| 2014-01-10 | Microsoft Office Visio TAG_xxxSect code execution attempt RuleID : 23059 - Type : FILE-OFFICE - Revision : 9 |
| 2014-01-10 | Microsoft Office Visio IndexDirectorySize greater than ChildrenSize memory ac... RuleID : 22075 - Type : FILE-OFFICE - Revision : 10 |
| 2014-01-10 | Microsoft Office Visio TAG_xxxSheet code execution attempt RuleID : 21307 - Type : FILE-OFFICE - Revision : 12 |
| 2014-01-10 | Microsoft Office Visio TAG_OLEChunk code execution attempt RuleID : 21302 - Type : FILE-OFFICE - Revision : 12 |
| 2014-01-10 | Microsoft Office Visio TAG_xxxSect code execution attempt RuleID : 21301 - Type : FILE-OFFICE - Revision : 13 |
| 2014-01-10 | Microsoft Office Visio corrupted compressed data memory corruption attempt RuleID : 21293 - Type : FILE-OFFICE - Revision : 8 |
| 2014-01-10 | Microsoft Office Visio invalid row option attempt RuleID : 21291 - Type : FILE-OFFICE - Revision : 7 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-06-15 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms16-070.nasl - Type: ACT_GATHER_INFO |
| 2013-03-12 | Name: Arbitrary code can be executed on the remote Windows host through Visio or Vi... File: smb_nt_ms13-023.nasl - Type: ACT_GATHER_INFO |
| 2012-08-15 | Name: Arbitrary code can be executed on the remote Windows host through Visio or Vi... File: smb_nt_ms12-059.nasl - Type: ACT_GATHER_INFO |
| 2012-05-09 | Name: Arbitrary code can be executed on the remote host through Microsoft Visio Vie... File: smb_nt_ms12-031.nasl - Type: ACT_GATHER_INFO |
| 2012-02-14 | Name: Arbitrary code can be executed on the remote host through Microsoft Visio Vie... File: smb_nt_ms12-015.nasl - Type: ACT_GATHER_INFO |
