ID CVE-2009-0096
Summary Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 21:49)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-02-11T04:02:56.993-05:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Office Visio 2002 SP2 is installed
    oval oval:org.mitre.oval:def:692
  • comment Microsoft Office Visio 2003 is installed
    oval oval:org.mitre.oval:def:1450
  • comment Microsoft Office Visio 2007 is installed
    oval oval:org.mitre.oval:def:5261
description Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:6172
status accepted
submitted 2009-02-10T16:00:00
title Memory Corruption Vulnerability
version 5
refmap via4
cert TA09-041A
ms MS09-005
vupen ADV-2009-0391
Last major update 12-10-2018 - 21:49
Published 10-02-2009 - 22:30
Back to Top