<< Back
CVE Number Vulnerability Product Severity Date
MS13-044 Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692) Microsoft Visio Important 15-05-2013

Technical Information

Brief overview of the risk:
The vulnerability could allow information disclosure if a user opens a specially crafted Visio file. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
Detailed Information on the risk:

An information disclosure vulnerability exists in the way that Microsoft Visio parses specially crafted XML files containing external entities.

Further information on this exploit is available at : MS13-044

Affected Software

Microsoft Visio 2003 Service Pack 3
Microsoft Visio 2007 Service Pack 3
Microsoft Visio 2010 Service Pack 1 (32-bit editions)
Microsoft Visio 2010 Service Pack 1 (64-bit editions)