Microsoft: >> Visio >> 2003 Security Vulnerabilities
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
CVSS Score
4.3
EPSS Score
0.268
Published
2013-05-15
Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
CVSS Score
9.3
EPSS Score
0.61
Published
2011-08-10
Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
CVSS Score
9.3
EPSS Score
0.61
Published
2011-08-10
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
CVSS Score
9.3
EPSS Score
0.446
Published
2011-02-10
ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
CVSS Score
9.3
EPSS Score
0.44
Published
2011-02-10
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
CVSS Score
9.3
EPSS Score
0.265
Published
2010-08-27
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
CVSS Score
7.6
EPSS Score
0.791
Published
2010-05-06
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
CVSS Score
7.6
EPSS Score
0.205
Published
2010-04-14
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
CVSS Score
7.6
EPSS Score
0.205
Published
2010-04-14
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
CVSS Score
9.3
EPSS Score
0.487
Published
2009-02-10
Page 1