Vulnerabilities > CVE-2009-0097 - Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007

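CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
These are CVSS v2 metrics (AV:N/AC:M/Au:N/C:C/I:C/A:C in the Nessus plugin below); exploitation requires a user to open a crafted Visio file.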
network
microsoft
CWE-399
critical
nessus

Summary

Microsoft Office Visio 2002 SP2 and 2003 SP3 do not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
3

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_id: MS09-005
bulletin_url:
date: 2009-02-10T00:00:00
impact: Remote Code Execution
knowledgebase_id: 957634
knowledgebase_url:
severity: Important
title: Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS09-005.NASL
description: The remote host contains a version of Microsoft Visio that is affected by memory corruption and memory validation vulnerabilities, triggered when parsing specially crafted Visio files, that could be abused to execute arbitrary code on the remote host. To exploit this vulnerability, an attacker would need to send a specially crafted Visio document to a user on the remote host and trick him into opening it.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35633
published: 2009-02-11
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/35633
title: MS09-005: Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration phase: when `description` is set, this block only declares the
# plugin's metadata and then exits (exit(0) at the end), so none of the host
# checks further down the file run in that case.
if (description)
{
  script_id(35633);
  script_version("1.24");
  script_cvs_date("Date: 2018/11/15 20:50:30");

  # One plugin covers all three CVEs of the bulletin, so a finding from it
  # does not say which of the three applies to a given host.
  script_cve_id("CVE-2009-0095", "CVE-2009-0096", "CVE-2009-0097");
  script_bugtraq_id(33659, 33660, 33661);
  script_xref(name:"MSFT", value:"MS09-005");
  # Per-product update KBs: the run phase pairs 955654 with Visio 2002,
  # 955655 with Visio 2003 and 957381 with Visio 2007. 957634, used in the
  # plugin name and summary, is the bulletin's own KB number.
  script_xref(name:"MSKB", value:"955654");
  script_xref(name:"MSKB", value:"955655");
  script_xref(name:"MSKB", value:"957381");

  script_name(english:"MS09-005: Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)");
  script_summary(english:"Determines the presence of update 957634");

  # Report text shown to the operator. Note the description states that a
  # user must open a crafted document; there is no listening service involved.
  script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through Visio.");
  script_set_attribute(attribute:"description", value:
"The remote host contains a version of Microsoft Visio that is affected
by memory corruption and memory validation vulnerabilities triggered
when parsing specially crafted Visio files that could be be abused to
execute arbitrary code on the remote host.

To exploit this vulnerability, an attacker would need to send a
specially crafted Visio document to a user on the remote host and
trick him into opening it.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-005");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Microsoft Visio 2002, 2003
and 2007.");
  # CVSS v2 base vector: network access vector, medium access complexity, no
  # authentication, complete confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
  # available (RL:OF), report confirmed (RC:C). This and the two exploit
  # attributes below record the plugin author's view at the last revision
  # (2018/11/15); re-check current threat intelligence before prioritising on it.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/02/11");

  # NOTE(review): "local" presumably marks a check that reads state on the
  # target itself (the run phase compares file versions over a share) rather
  # than probing a service - confirm against the plugin conventions.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visio");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  # Prerequisites: the two dependency scripts, the KB key that the run phase
  # reads first with get_kb_item_or_exit(), and either SMB port 139/445 or
  # the 'Host/patch_management_checks' KB entry.
  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  # Metadata only: stop here so no check code runs during registration.
  exit(0);
}


include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("audit.inc");

include("misc_func.inc");
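# Run phase for MS09-005: for every Visio 2002/2003/2007 install recorded in
# the KB, compare the on-disk Vislib.dll version with the fixed version named
# for that product and report the host if any install is older.
#
# A share that cannot be read is tracked separately, so that a host whose
# Visio files could not be inspected is not audited as "not affected".

# Stop unless the bulletin-check prerequisite key is present in the KB.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS09-005';
kbs = make_list("955654", "955655", "957381");
# When patch-management data is available, use it for the check.
# NOTE(review): presumably hotfix_check_3rd_party() ends the script itself;
# otherwise the file-version checks below also run - confirm in the include.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

vuln = 0;
share = '';
lastshare = '';
accessibleshare = FALSE;
unverified = FALSE;   # TRUE once at least one install could not be inspected
failedshare = '';     # last share that could not be accessed
visioinstalls = get_kb_list_or_exit("SMB/Office/Visio/*/VisioPath");
foreach install (keys(visioinstalls))
{
  # Only Visio 2007 (12.0), 2003 (11.0) and 2002 (10.0) are covered.
  if ("12.0" >< install || "11.0" >< install || "10.0" >< install)
  {
    path = visioinstalls[install];
  }
  else continue;

  # Re-test accessibility only when the share changes or the previous
  # attempt failed; consecutive installs on a reachable share reuse the result.
  share = hotfix_path2share(path:path);
  if (share != lastshare || !accessibleshare)
  {
    lastshare = share;
    if (is_accessible_share(share:share))
    {
      accessibleshare = TRUE;
    }
    else accessibleshare = FALSE;
  }

  if (!accessibleshare)
  {
    # The file version of this install cannot be read, so its patch state is
    # unknown. Remember that instead of silently skipping it.
    unverified = TRUE;
    failedshare = share;
    continue;
  }

  # File names are double-quoted strings, so the backslash is a literal
  # path separator here.
  if ("12.0" >< install)  # Visio 2007
  {
    if (hotfix_check_fversion(path:path, file:"Vislib.dll", version:"12.0.6336.5001", bulletin:bulletin, kb:"957381") == HCF_OLDER) vuln++;
  }
  else if ("11.0" >< install)  # Visio 2003
  {
    if (hotfix_check_fversion(path:path, file:"Visio11\Vislib.dll", version:"11.0.8223.0", bulletin:bulletin, kb:"955655") == HCF_OLDER) vuln++;
  }
  else if ("10.0" >< install)  # Visio 2002
  {
    if ( hotfix_check_fversion(path:path, file:"Visio10\Vislib.dll", version:"10.0.6885.4", bulletin:bulletin, kb:"955654") == HCF_OLDER) vuln++;
  }
}
if (vuln)
{
  # Record the missing bulletin in the KB and report the finding.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  exit(0);
}
# No outdated file was found, but at least one install was never inspected:
# report the access failure rather than claiming the host is not affected.
else if (unverified) audit(AUDIT_SHARE_FAIL, failedshare);
else audit(AUDIT_HOST_NOT, 'affected');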

Oval

accepted: 2013-02-11T04:02:58.195-05:00
class: vulnerability
contributors:
  • name: Dragos Prisaca
    organization: Gideon Technologies, Inc.
  • name: Shane Shaffer
    organization: G2, Inc.
definition_extensions:
  • comment: Microsoft Office Visio 2002 SP2 is installed
    oval: oval:org.mitre.oval:def:692
  • comment: Microsoft Office Visio 2003 is installed
    oval: oval:org.mitre.oval:def:1450
description: Microsoft Office Visio 2002 SP2 and 2003 SP3 do not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
family: windows
id: oval:org.mitre.oval:def:6188
status: accepted
submitted: 2009-02-10T16:00:00
title: Memory Corruption Vulnerability
version: 5

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 33659,33660,33661 CVE(CAN) ID: CVE-2009-0095,CVE-2009-0096,CVE-2009-0097 Visio是微软Office套件中的图形编辑工具。 Microsoft Office Visio在打开Visio文件时验证对象数据、复制内存中的对象数据和处理内存的方式存在多个内存破坏漏洞。攻击者可能通过发送特制的文件来利用该漏洞,该文件可能作为电子邮件附件提供或者宿主在特制的或被破坏的网站上。 如果用户使用管理用户权限登录,成功利用此漏洞的攻击者便可完全控制受影响的系统。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。 Microsoft Visio 2007 SP1 Microsoft Visio 2003 SP3 Microsoft Visio 2002 SP2 临时解决方法: * 不要打开从不受信任来源或从受信任来源意外收到的Visio文件。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS09-005)以及相应补丁: MS09-005:Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) 链接:http://www.microsoft.com/technet/security/Bulletin/MS09-005.mspx?pf=true
id: SSV:4744
last seen: 2017-11-19
modified: 2009-02-13
published: 2009-02-13
reporter: Root
title: Office Visio多个内存破坏漏洞(MS09-005)