CVE-2009-0096 - Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operat

CVE-2009-0096

Summary

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 12-10-2018 - 21:49)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS09-005
bulletin_url
date	2009-02-10T00:00:00
impact	Remote Code Execution
knowledgebase_id	957634
knowledgebase_url
severity	Important
title	Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution

oval via4

accepted

2013-02-11T04:02:56.993-05:00

class

vulnerability

contributors

name Dragos Prisaca
organization Gideon Technologies, Inc.
name Shane Shaffer
organization G2, Inc.

definition_extensions

comment Microsoft Office Visio 2002 SP2 is installed
oval oval:org.mitre.oval:def:692
comment Microsoft Office Visio 2003 is installed
oval oval:org.mitre.oval:def:1450
comment Microsoft Office Visio 2007 is installed
oval oval:org.mitre.oval:def:5261

description

family

windows

oval:org.mitre.oval:def:6172

status

accepted

submitted

2009-02-10T16:00:00

title

Memory Corruption Vulnerability

version

refmap via4

cert	TA09-041A
vupen	ADV-2009-0391

Last major update

12-10-2018 - 21:49

Published

10-02-2009 - 22:30

Last modified

12-10-2018 - 21:49