CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS07-030 | Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051) | Microsoft Visio | Critical | 13-06-2007 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in Microsoft Visio as a result of the way it incorrectly handles the parsing of packed objects within the Visio file format. An attacker could exploit this vulnerability by constructing a malicious Visio (.VSD, .VSS, or .VST) file that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted Visio attachment included in an e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Detailed Information on the risk:
This vulnerability requires that a user open a specially crafted Visio file with an affected version of Microsoft Visio.
In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and by convincing the user to open the file.
In a Web-based attack scenario, an attacker would have to host a Web site that contains a Visio file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s site.
Further information on this exploit is available at: MS07-030
Affected Software
Microsoft Visio 2002 Service Pack 2
Microsoft Visio 2003 Service Pack 2