(MS11-008) Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2011-0092,CVE-2011-0093
Date du conseil: 10 février 2011
Description
This security update addresses two vulnerabilities in Microsoft Visio, could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploits the system could gain the same user rights as the logged-on user. More specifically, this update addresses the vulnerabilities by correcting the way that Microsoft Visio handles corrupted structures and objects in memory when parsing specially crafted Visio files.
Information Exposure Rating:
For information on patches specific to the affected software, please proceed to the Microsoft Web page.
Affected software and version:
- Microsoft Visio 2002 Service Pack 2
- Microsoft Visio 2003 Service Pack 3
- Microsoft Visio 2007 Service Pack 2