CVE-2010-0256

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA10-103A.html	US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:visio:2002:sp2::::::
	cpe:2.3:a:microsoft:visio:2003:sp3::::::
	cpe:2.3:a:microsoft:visio:2007:sp1::::::
	cpe:2.3:a:microsoft:visio:2007:sp2::::::

Information

Published : 2010-04-14 09:00

Updated : 2018-10-12 14:56

NVD link : CVE-2010-0256

Mitre link : CVE-2010-0256

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Products Affected

microsoft

visio

7.6 /10