CVSS: 7.6EPSS: 76%CPEs: 4EXPL: 3CVE-2010-1681 – Microsoft Visio - 'VISIODWG.dll .DXF' File Handling (MS10-028)
https://notcve.org/view.php?id=CVE-2010-1681
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256. Desbordamiento de búffer basado en pila en VISIODWG.DLL anterior a v10.0.6880.4 en Microsoft Office Visio permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un archivo DXF manipulado, una vulnerabilidad diferente de CVE-2010-0254 y CVE-2010-0256. • https://www.exploit-db.com/exploits/17451 https://www.exploit-db.com/exploits/14944 http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow http://www.exploit-db.com/exploits/14944 http://www.securityfocus.com/archive/1/511121/100/0/threaded http://www.securityfocus.com/bid/39836 http://www.securitytracker.com/id?1023938 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 39%CPEs: 4EXPL: 0CVE-2010-0254
https://notcve.org/view.php?id=CVE-2010-0254
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 y SP2 bi vakuda adecuadamente los atributos en los ficheros Visio, lo que permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado, conocido como "Visio Attribute Validation Memory Corruption Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 42%CPEs: 4EXPL: 0CVE-2010-0256
https://notcve.org/view.php?id=CVE-2010-0256
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 y SP2 no calcula adecuadamente índices no especificado asociados con ficheros Visio, lo que permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado, conocido como "Visio Index Calculation Memory Corruption Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 13%CPEs: 3EXPL: 0CVE-2009-0097
https://notcve.org/view.php?id=CVE-2009-0097
Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." Microsoft Office Visio v2002 SP2 and v2003 SP3 no valida de forma adecuada el posicionamiento en memoria de los ficheros Visio, lo que permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado, también conocido como "Memory Corruption Vulerability" • http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0391 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 44%CPEs: 3EXPL: 0CVE-2009-0096
https://notcve.org/view.php?id=CVE-2009-0096
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 no realiza correctamente la copia de memoria para los datos de objetos, lo que permite a atacantes remotos ejecutar código a su elección a través de un documento de Visio manipulado, también conocido como "Vulnerabilidad de corrupción de memoria" • http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0391 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172 • CWE-399: Resource Management Errors •