CVSS: 7.5EPSS: 26%CPEs: 3EXPL: 0CVE-2013-1301
https://notcve.org/view.php?id=CVE-2013-1301
15 May 2013 — Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability." Microsoft Visio 2003 SP3 2007 SP3, y 2010 SP1 permite a atacantes remotos leer ficheros de su elección mediante un documento XML conteniendo una declaración de entidad externa junto con una referencia de entidad, también conocido como "Vulnerabilidad de reslu... • http://www.us-cert.gov/ncas/alerts/TA13-134A • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 61%CPEs: 6EXPL: 0CVE-2011-1972
https://notcve.org/view.php?id=CVE-2011-1972
10 Aug 2011 — Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability." Microsoft Visio 2003 SP3, 2007 SP2 y 2010 Gold y SP1 no valida adecuadamente los objetos en memoria durante el análisis sintáctico del fichero Visio, esto permite a atacantes remotos ejecutar código de su elección mediante un fichero manipulado. También se conoce c... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 61%CPEs: 2EXPL: 0CVE-2011-1979
https://notcve.org/view.php?id=CVE-2011-1979
10 Aug 2011 — Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability." Microsoft Visio 2003 SP3 y 2007 SP2 no valida apropiadamente objetos en memoria durante el "parseo" de archivos Visio, lo que permite a atacantes remotos ejecutar código arbitrario a través de un archivo modificado. También conocida como "Move Around the Block RCE Vulnerability"... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 45%CPEs: 3EXPL: 0CVE-2011-0093
https://notcve.org/view.php?id=CVE-2011-0093
10 Feb 2011 — ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability." ELEMENTS.DLL en Microsoft Visio 2002 SP2, 2003 SP3, y 2007 SP2 no parsea adecuadamente estructuras durante la apertura de un archivo Visio lo que permite que atacantes remotos ejectuten código de su elección a través de ... • http://osvdb.org/70829 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 45%CPEs: 3EXPL: 0CVE-2011-0092 – Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability
https://notcve.org/view.php?id=CVE-2011-0092
08 Feb 2011 — The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability." La funcionalidad de descompresión de transmisión LZW en la biblioteca ORMELEMS.DLL en Visio 2002 SP2, 2003 SP3 y 2... • http://osvdb.org/70828 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 45%CPEs: 1EXPL: 2CVE-2010-3148 – Microsoft Visio 2003 - 'mfc71enu.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3148
27 Aug 2010 — Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability." Vulnerabilidad de ruta de búsqueda no confiable en Microsoft Visio 2003 permite a usuarios locales, y puede que atacantes remotos, ejecutar código de su elección y producir un ataque de secuestro de... • https://www.exploit-db.com/exploits/14744 •
CVSS: 7.8EPSS: 79%CPEs: 4EXPL: 3CVE-2010-1681 – Microsoft Visio - 'VISIODWG.dll .DXF' File Handling (MS10-028)
https://notcve.org/view.php?id=CVE-2010-1681
05 May 2010 — Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256. Desbordamiento de búffer basado en pila en VISIODWG.DLL anterior a v10.0.6880.4 en Microsoft Office Visio permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un archivo DXF manipulado, una vulnerabilidad diferente de CVE-2010-0254 y CVE-20... • https://www.exploit-db.com/exploits/17451 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 20%CPEs: 4EXPL: 0CVE-2010-0254
https://notcve.org/view.php?id=CVE-2010-0254
14 Apr 2010 — Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 y SP2 bi vakuda adecuadamente los atributos en los ficheros Visio, lo que permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado, conocido como "Visio Attribute... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 20%CPEs: 4EXPL: 0CVE-2010-0256
https://notcve.org/view.php?id=CVE-2010-0256
14 Apr 2010 — Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 y SP2 no calcula adecuadamente índices no especificado asociados con ficheros Visio, lo que permite a atacantes remotos ejecutar código de su elección a través de un fichero mani... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 66%CPEs: 61EXPL: 0CVE-2009-3126
https://notcve.org/view.php?id=CVE-2009-3126
14 Oct 2009 — Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-189: Numeric Errors •