Secunia
Login
|
|
|
|
|
|
|
|
|
Microsoft Visio Two Code Execution Vulnerabilities
Release Date: 2007-06-12 Last Update: 2007-06-26 Views: 18,766
Secunia Advisory SA25619
Where:
From remote
Impact:
System access,
Solution Status:
Vendor Patch
Software:
CVE Reference(s):
Description
Two vulnerabilities have been reported in Microsoft Visio, which can be exploited by malicious people to compromise a user's system.
1) An input validation error in the handling of the version number field in a Visio (.VSD, VSS, or .VST) file can be exploited to corrupt memory via a specially crafted Visio file.
2) An error in the handling of packed objects in a Visio file can be exploited to corrupt memory via a specially crafted Visio file.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
Solution:
Apply patches.
Further details available to Secunia VIM customers
Provided and/or discovered by:
1) Reported by the vendor.
2) The vendor credits Chris Ries, Vigilant Minds.
Original Advisory:
MS07-030 (KB927051):
http://www.microsoft.com/technet/security/Bulletin/MS07-030.mspx
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: Microsoft Visio Two Code Execution Vulnerabilities
|
No posts yet |
|
You must be logged in to post a comment. |
