|Check Point Reference:||SBP-2008-05|
|Date Published:||8 Apr 2008|
|Last Updated:||Tuesday 01 January, 2008|
|Source:||Microsoft Security Bulletin MS08-019|
|Protection Provided by:|
|Who is Vulnerable?|| Microsoft Office XP SP3|
Microsoft Office 2003 SP2
Microsoft Office 2003 SP3
2007 Microsoft Office System
2007 Microsoft Office System SP1
|Vulnerability Description||Multiple remote code execution vulnerabilities have been reported in Microsoft Visio. Microsoft Visio is a diagram creation software for Microsoft Windows. A remote attacker can exploit these vulnerabilities via a specially crafted Visio file. Successful exploitation may allow execution of arbitrary code on a vulnerable system.|
|Update/Patch Avaliable||Apply patches:|
Microsoft Security Bulletin MS08-019
|Vulnerability Details||CVE-2008-1089: The vulnerability is due to an error in Microsoft Visio that fails to properly validate object header data when opening Visio files. |
CVE-2008-1090: The vulnerability is due to an error in Microsoft Visio that fails to properly validate memory allocations when loading specially crafted Visio files from disk into memory.
A remote attacker could trigger these flaws by convincing the victim to open a specially crafted Visio file (.VSD, VSS, or .VST). Successful exploitation of these issues allows execution of arbitrary code once a malformed Visio file is being loaded on a vulnerable system.