CVE-2012-0020

2012-02-1422:55:01

CWE-94

microsoft

web.nvd.nist.gov

105

microsoft visio viewer

2010

gold

sp1

remote attackers

arbitrary code

crafted attributes

visio file

memory corruption

vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.706

Percentile

98.1%

JSON

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka “VSD File Format Memory Corruption Vulnerability,” a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.

Affected configurations

Nvd

Node

microsoftvisio_viewerMatch2010

microsoftvisio_viewerMatch2010sp1

VendorProductVersionCPE
microsoftvisio_viewer2010cpe:2.3:a:microsoft:visio_viewer:2010:*:*:*:*:*:*:*
microsoftvisio_viewer2010cpe:2.3:a:microsoft:visio_viewer:2010:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	visio_viewer	2010	cpe:2.3:a:microsoft:visio_viewer:2010:::::::*
microsoft	visio_viewer	2010	cpe:2.3:a:microsoft:visio_viewer:2010:sp1::::::