Lucene search
ProcyunZDI-11-063HistoryFeb 08, 2011 - 12:00 a.m.
Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability
2011-02-0800:00:00
Procyun
www.zerodayinitiative.com
18
EPSS
0.849
Percentile
98.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Visio handles parsing the VisioDocument stream. Upon handling a malformed stream, the application will raise an exception. While handling this exception, the application will access the vtable of an object that hasn’t been completely initialized yet. Successful exploitation could lead to code execution under the context of the application.
Related
cve
cve
CVE-2011-0092
2011-02-10 16:00:31
cvelist
cvelist
CVE-2011-0092
2011-02-10 15:00:00
symantec
symantec
nvd
nvd
CVE-2011-0092
2011-02-10 16:00:31
checkpoint_advisories
checkpoint_advisories
prion
prion
Memory corruption
2011-02-10 16:00:00
securityvulns
securityvulns
ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability
2011-02-11 00:00:00
Microsoft Visio multiple security vulnerabilities
2011-02-11 00:00:00
nessus
nessus
openvas
openvas
Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
2011-02-09 00:00:00
Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
2011-02-09 00:00:00