CVE-2010-0256
Published Apr 14, 2010
Last updated 6 years ago
Overview
- Description
- Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
- Source
- secure@microsoft.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.6
- Impact score
- 10
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-94
Evaluator
- Comment
- -
- Impact
- Per: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx 'Users of Microsoft Office Visio 2002 and later versions of Visio will be prompted with Open, Save, or Cancel before opening a document. This is a mitigating factor because the vulnerability requires more than a single user action to complete the exploit.'
- Solution
- Per: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx 'Users of Microsoft Office Visio 2002 and later versions of Visio will be prompted with Open, Save, or Cancel before opening a document. This is a mitigating factor because the vulnerability requires more than a single user action to complete the exploit.'
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E"
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE"
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C98FD6E-B9EA-4231-8127-31A8D2D25040"
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E822A55C-0440-4622-9284-A5DF70D49C63"
}
],
"operator": "OR"
}
]
}
]