Microsoft Visio DXF file insertion buffer overflow

Added: 05/07/2010
CVE: CVE-2010-1681
BID: 39836

Background

Microsoft Visio is a component of the Microsoft Office suite which provides the capability to produce diagrams.

Problem

A buffer overflow vulnerability allows command execution when a user inserts a specially crafted DXF file into a Visio document.

Resolution

Apply the patch found in Microsoft Security Bulletin 10-028.

References

<http://www.securityfocus.com/archive/1/511121&gt;

Limitations

Exploit works on Microsoft Visio 2002 SP2 and requires a user to drag and drop the exploit file into Visio.

Platforms

Windows