Lucene search

[email protected]CVE-2012-0137

HistoryFeb 14, 2012 - 10:55 p.m.

CVE-2012-0137

2012-02-1422:55:01

CWE-94

[email protected]

web.nvd.nist.gov

120

cve-2012-0137

microsoft visio viewer

memory corruption

file parsing

remote code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.706 High

EPSS

Percentile

98.1%

JSON

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka “VSD File Format Memory Corruption Vulnerability,” a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.

Affected configurations

NVD

Node

microsoftvisio_viewerMatch2010

microsoftvisio_viewerMatch2010sp1

CPENameOperatorVersion
microsoft:visio_viewermicrosoft visio viewereq2010

CPE	Name	Operator	Version
microsoft:visio_viewer	microsoft visio viewer	eq	2010

References

www.us-cert.gov/cas/techalerts/TA12-045A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-015

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14602

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.706 High

EPSS

Percentile

98.1%

JSON

Related for CVE-2012-0137

prion5 cvelist5 nvd5 cve4 nessus1 openvas2 mskb1 securityvulns1 symantec5 checkpoint_advisories5 seebug1