|Check Point Reference:||CPAI-2007-074|
|Date Published:||28 Jun 2007|
|Last Updated:||Monday 01 January, 2007|
|Source:||Microsoft Security Bulletin MS07-030|
|Protection Provided by:|
|Who is Vulnerable?||Microsoft Visio 2002 SP2|
|Vulnerability Description||Multiple remote code execution vulnerabilities have been reported in Microsoft Visio. Microsoft Visio is diagram creation software for Microsoft Windows. A remote attacker can exploit these vulnerabilities via a specially crafted Visio file. Successful exploitation may allow execution of arbitrary code on a vulnerable system.|
|Update/Patch Available||Apply patches: Microsoft Security Bulletin MS07-030|
|Vulnerability Details||CVE-2007-0934: Microsoft Visio fails to properly validate the version number field when processing version-related data in a Visio file.
CVE-2007-0936: A memory corruption error occurs in Microsoft Visio because it fails to properly handle the parsing of a packed object.
A remote attacker could trigger these flaws by convincing the victim to open a specially crafted Visio file (.VSD, .VSS, or .VST). Successful exploitation allows execution of arbitrary code when the malformed Visio file is loaded on a vulnerable system.|