Windows : Microsoft Bulletins : Microsoft Visio Remote Code Execution Vulnerabilities (2451879)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902287

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Visio Remote Code Execution Vulnerabilities (2451879)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS11-008.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS11-008.

Vulnerability Insight:
The flaws are due to:

- A memory corruption error when handling certain objects while parsing
malformed Visio files, which could be exploited by attackers to execute
arbitrary code.

- A memory corruption error when handling corrupted structures while parsing
malformed Visio files, which could be exploited by attackers to execute
arbitrary code.

Vulnerability Impact:
Successful exploitation could allow users to execute arbitrary code via a
specially crafted Visio file.

Affected Software/OS:
- Microsoft Visio 2002 Service Pack 2 and prior

- Microsoft Visio 2003 Service Pack 3 and prior

- Microsoft Visio 2007 Service Pack 2 and pripr

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 46138
BugTraq ID: 46137
Common Vulnerability Exposure (CVE) ID: CVE-2011-0092
http://www.securityfocus.com/bid/46137
Bugtraq: 20110208 ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/516274/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-11-063/
Microsoft Security Bulletin: MS11-008
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008
http://osvdb.org/70828
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403
http://www.securitytracker.com/id?1025043
http://secunia.com/advisories/43254
http://www.vupen.com/english/advisories/2011/0321
XForce ISS Database: ms-visio-object-code-execution(64923)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64923
Common Vulnerability Exposure (CVE) ID: CVE-2011-0093
http://www.securityfocus.com/bid/46138
http://osvdb.org/70829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469
XForce ISS Database: ms-visio-data-code-execution(64924)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64924

Copyright Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902287
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS11-008.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-008. Vulnerability Insight: The flaws are due to: - A memory corruption error when handling certain objects while parsing malformed Visio files, which could be exploited by attackers to execute arbitrary code. - A memory corruption error when handling corrupted structures while parsing malformed Visio files, which could be exploited by attackers to execute arbitrary code. Vulnerability Impact: Successful exploitation could allow users to execute arbitrary code via a specially crafted Visio file. Affected Software/OS: - Microsoft Visio 2002 Service Pack 2 and prior - Microsoft Visio 2003 Service Pack 3 and prior - Microsoft Visio 2007 Service Pack 2 and pripr Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 46138 BugTraq ID: 46137 Common Vulnerability Exposure (CVE) ID: CVE-2011-0092 http://www.securityfocus.com/bid/46137 Bugtraq: 20110208 ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability (Google Search) http://www.securityfocus.com/archive/1/516274/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-11-063/ Microsoft Security Bulletin: MS11-008 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008 http://osvdb.org/70828 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403 http://www.securitytracker.com/id?1025043 http://secunia.com/advisories/43254 http://www.vupen.com/english/advisories/2011/0321 XForce ISS Database: ms-visio-object-code-execution(64923) https://exchange.xforce.ibmcloud.com/vulnerabilities/64923 Common Vulnerability Exposure (CVE) ID: CVE-2011-0093 http://www.securityfocus.com/bid/46138 http://osvdb.org/70829 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469 XForce ISS Database: ms-visio-data-code-execution(64924) https://exchange.xforce.ibmcloud.com/vulnerabilities/64924
Copyright	Copyright (C) 2011 Greenbone Networks GmbH