Type Confusion Vulnerability in Microsoft Visio Viewer 2010
CVE-2013-0079

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visio Viewer; Office Filter Pack; Visio
Vendor: CVE Published:; 13 March 2013

Summary

Microsoft Visio Viewer 2010 SP1 contains a type confusion vulnerability that enables remote attackers to execute arbitrary code on the affected system by crafting a malicious Visio file. This vulnerability arises from incorrect memory allocation when processing the Visio Tree Object, allowing exploitation through specially designed files.

References

http://www.kb.cert.org/vuls/id/851777

third-party-advisoryx_refsource_CERT-VN

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/ncas/alerts/TA13-071A

third-party-advisoryx_refsource_CERT

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 13, 2013
Vulnerability Reserved
Nov 27, 2012