|MS13-044||Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)||Microsoft Visio||Important||15-05-2013|
Brief overview of the risk:
The vulnerability could allow information disclosure if a user opens a specially crafted Visio file. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
Detailed Information on the risk:
An information disclosure vulnerability exists in the way that Microsoft Visio parses specially crafted XML files containing external entities.
Further information on this exploit is available at : MS13-044
Affected SoftwareMicrosoft Visio 2003 Service Pack 3
Microsoft Visio 2007 Service Pack 3
Microsoft Visio 2010 Service Pack 1 (32-bit editions)
Microsoft Visio 2010 Service Pack 1 (64-bit editions)