CVE-2008-1090

2008-04-0823:05:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-1090

microsoft visio

remote code execution

memory validation

dxf file

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.595 Medium

EPSS

Percentile

97.8%

JSON

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka “Visio Memory Validation Vulnerability.”

Affected configurations

NVD

Node

microsoftofficeMatch2003sp2

microsoftofficeMatch2003sp3

microsoftofficeMatch2007

microsoftofficeMatch2007_sp1

microsoftofficeMatchxpsp2

microsoftvisioMatch2002sp2

microsoftvisioMatch2003sp1

microsoftvisioMatch2003_sp3

microsoftvisioMatch2007

microsoftvisioMatch2007_sp1

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2003
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2007_sp1
microsoft:officemicrosoft officeeqxp
microsoft:visiomicrosoft visioeq2002
microsoft:visiomicrosoft visioeq2003
microsoft:visiomicrosoft visioeq2003_sp3
microsoft:visiomicrosoft visioeq2007
microsoft:visiomicrosoft visioeq2007_sp1

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2003
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2007_sp1
microsoft:office	microsoft office	eq	xp
microsoft:visio	microsoft visio	eq	2002
microsoft:visio	microsoft visio	eq	2003
microsoft:visio	microsoft visio	eq	2003_sp3
microsoft:visio	microsoft visio	eq	2007
microsoft:visio	microsoft visio	eq	2007_sp1