CVE-2012-0138
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
Microsoft Visio Viewer 2020 Gold y SP1 no maneja adecuadamente la memoria durante la validación de archivos, lo que premite a atacantes remotos ejecutar código de su elección a través de atributos modificados en un archivo de Visio, también conocido como "VSD File Format Memory Corruption Vulnerability". Una vulnerabilidad diferente de CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, y CVE-2012-0137.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-12-13 CVE Reserved
- 2012-02-14 CVE Published
- 2024-06-22 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-045A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14811 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-015 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Visio Viewer Search vendor "Microsoft" for product "Visio Viewer" | 2010 Search vendor "Microsoft" for product "Visio Viewer" and version "2010" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Viewer Search vendor "Microsoft" for product "Visio Viewer" | 2010 Search vendor "Microsoft" for product "Visio Viewer" and version "2010" | sp1 |
Affected
| ||||||