Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Visio Viewer vulnerability could allow remote code execution


Report ID: MS201303003
Date Published: 13 March 2013

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Visio Viewer 2010
Microsoft Visio 2010
Microsoft Office 2010 Filter Pack




Summary

A vulnerability in Microsoft Visio Viewer could allow an attacker to execute arbitrary code and take control of an affected system, if successfully exploited.



Detailed Description

Microsoft has released a security update for Microsoft Visio Viewer to address a vulnerability that was caused by improper memory handling when parsing specially crafted Visio files. Upon successful exploitation, an attacker could be able to execute code and take control of an affected system.

The security update resolved this issue by correcting the way that Microsoft Visio Viewer allocates memory when parsing files. Users are recommended to install this update to protect their system from possible exploit attempts.



CVE Reference

CVE-2013-0079



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-023)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.