CVE-2012-0138

2012-02-1422:55:01

CWE-94

microsoft

web.nvd.nist.gov

117

microsoft

visio

viewer

2010

gold

sp1

memory corruption

vulnerability

cve-2012-0138

nvd

code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.706

Percentile

98.1%

JSON

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka “VSD File Format Memory Corruption Vulnerability,” a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.

Affected configurations

Nvd

Node

microsoftvisio_viewerMatch2010

microsoftvisio_viewerMatch2010sp1

VendorProductVersionCPE
microsoftvisio_viewer2010cpe:2.3:a:microsoft:visio_viewer:2010:*:*:*:*:*:*:*
microsoftvisio_viewer2010cpe:2.3:a:microsoft:visio_viewer:2010:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	visio_viewer	2010	cpe:2.3:a:microsoft:visio_viewer:2010:::::::*
microsoft	visio_viewer	2010	cpe:2.3:a:microsoft:visio_viewer:2010:sp1::::::