Microsoft Visio vulnerability could allow remote code execution
Report ID: MS201208008
Date Published: 15 August 2012
Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft Visio 2010
Microsoft Visio Viewer 2010
Summary
A vulnerability in Microsoft Visio could be exploited by a remote attacker in order to execute arbitrary code and take control of an affected system.
Detailed Description
Microsoft has released a security update for Microsoft Visio to address a vulnerability that was caused by improper memory handling when parsing a specially crafted Visio files. An attacker who successfully exploit the vulnerability could execute arbitrary code in the context of a logged-on user, potentially take complete control of the system if the user is logged-on with administrative rights.
The patch for this vulnerability has been introduced through the latest security update by making correction on the way that Microsoft Visio validates data when parsing files. To protect their system from potential exploit attempts, users are recommended to install the latest update for applicable system.
CVE Reference
CVE-2012-1888
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-059)
