CVSS: 9.3EPSS: 51%CPEs: 3EXPL: 0CVE-2011-0093
https://notcve.org/view.php?id=CVE-2011-0093
ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability." ELEMENTS.DLL en Microsoft Visio 2002 SP2, 2003 SP3, y 2007 SP2 no parsea adecuadamente estructuras durante la apertura de un archivo Visio lo que permite que atacantes remotos ejectuten código de su elección a través de archivos que contienen una estructura malformadas, también conocido como "Visio Data Type Memory Corruption Vulnerability." • http://osvdb.org/70829 http://secunia.com/advisories/43254 http://www.securityfocus.com/bid/46138 http://www.securitytracker.com/id?1025043 http://www.vupen.com/english/advisories/2011/0321 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008 https://exchange.xforce.ibmcloud.com/vulnerabilities/64924 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 84%CPEs: 3EXPL: 0CVE-2011-0092 – Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability
https://notcve.org/view.php?id=CVE-2011-0092
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability." La funcionalidad de descompresión de transmisión LZW en la biblioteca ORMELEMS.DLL en Visio 2002 SP2, 2003 SP3 y 2007 SP2 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de Visio con una transmisión VisioDocument malformada que activa a un manejador de excepciones que tiene acceso a un objeto que no ha sido inicializado completamente, lo que desencadena una corrupción de memoria, también se conoce como "Visio Object Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Visio handles parsing the VisioDocument stream. Upon handling a malformed stream, the application will raise an exception. • http://osvdb.org/70828 http://secunia.com/advisories/43254 http://www.securityfocus.com/archive/1/516274/100/0/threaded http://www.securityfocus.com/bid/46137 http://www.securitytracker.com/id?1025043 http://www.vupen.com/english/advisories/2011/0321 http://www.zerodayinitiative.com/advisories/ZDI-11-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008 https://exchange.xforce.ibmcloud.com/vulnerabilities/64923 https://oval.cisecurity.org/repository/sea • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 75%CPEs: 4EXPL: 3CVE-2010-1681 – Microsoft Visio - 'VISIODWG.dll .DXF' File Handling (MS10-028)
https://notcve.org/view.php?id=CVE-2010-1681
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256. Desbordamiento de búffer basado en pila en VISIODWG.DLL anterior a v10.0.6880.4 en Microsoft Office Visio permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un archivo DXF manipulado, una vulnerabilidad diferente de CVE-2010-0254 y CVE-2010-0256. • https://www.exploit-db.com/exploits/17451 https://www.exploit-db.com/exploits/14944 http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow http://www.exploit-db.com/exploits/14944 http://www.securityfocus.com/archive/1/511121/100/0/threaded http://www.securityfocus.com/bid/39836 http://www.securitytracker.com/id?1023938 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 42%CPEs: 4EXPL: 0CVE-2010-0256
https://notcve.org/view.php?id=CVE-2010-0256
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 y SP2 no calcula adecuadamente índices no especificado asociados con ficheros Visio, lo que permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado, conocido como "Visio Index Calculation Memory Corruption Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 39%CPEs: 4EXPL: 0CVE-2010-0254
https://notcve.org/view.php?id=CVE-2010-0254
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 y SP2 bi vakuda adecuadamente los atributos en los ficheros Visio, lo que permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado, conocido como "Visio Attribute Validation Memory Corruption Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819 • CWE-94: Improper Control of Generation of Code ('Code Injection') •