Microsoft Visio multiple security vulnerabilities

Microsoft Visio multiple security vulnerabilities updated since 16.04.2010
Published:		04.05.2010
Source:		MICROSOFT
SecurityVulns ID:		10765
Type:		client
Threat Level:		5/10
Description:		Multiple memory corruptions.

Affected:		MICROSOFT : Visio 2002
		MICROSOFT : Visio 2003
		MICROSOFT : Visio 2007
CVE:		CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.)
		CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability.")
		CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability.")

Original document		CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow (04.05.2010)
		MICROSOFT, Microsoft Security Bulletin MS10-028 - Important Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094) (16.04.2010)

Files: