(MS12-031) Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
Gravedad: High
Identificadores de CVE : CVE-2012-0018
Fecha recomendada: 09 de mayo de 2012
Descripción
A vulnerability in the way MS Visio handles specially crafted files could allow an attacker to take control of the vulnerable system. Logged on users that have lesser privileges on the affected system are less impacted by the effects of this vulnerability.
As a workaround, Microsoft recommends to block ActiveX Controls and Active Scripting to help block execution of specially crafted files automatically. More information on this workaround is found in the Microsoft bulletin.
Soluciones
Software y versión afectados
- Microsoft Visio Viewer 2010 (32-bit Edition)
- Microsoft Visio Viewer 2010 Service Pack 1 (32-bit Edition)
- Microsoft Visio Viewer 2010 (64-bit Edition)
- Microsoft Visio Viewer 2010 Service Pack 1 (64-bit Edition)