Microsoft Visio Viewer vulnerability could allow remote code execution
Report ID: MS201303003
Date Published: 13 March 2013
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft Visio Viewer 2010
Microsoft Visio 2010
Microsoft Office 2010 Filter Pack
Summary
A vulnerability in Microsoft Visio Viewer could allow an attacker to execute arbitrary code and take control of an affected system, if successfully exploited.
Detailed Description
Microsoft has released a security update for Microsoft Visio Viewer to address a vulnerability that was caused by improper memory handling when parsing specially crafted Visio files. Upon successful exploitation, an attacker could be able to execute code and take control of an affected system.
The security update resolved this issue by correcting the way that Microsoft Visio Viewer allocates memory when parsing files. Users are recommended to install this update to protect their system from possible exploit attempts.
CVE Reference
CVE-2013-0079
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-023)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
