Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Visio multiple security vulnerabilities
updated since 16.04.2010
Published:04.05.2010
Source:
SecurityVulns ID:10765
Type:client
Threat Level:
5/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Visio 2002
 MICROSOFT : Visio 2003
 MICROSOFT : Visio 2007
CVE:CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.)
 CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability.")
 CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability.")
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow (04.05.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-028 - Important Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094) (16.04.2010)
Files:Microsoft Security Bulletin MS10-028 - Important Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod