Vulnerabilities > Microsoft > Visio > 2002

DATE CVE VULNERABILITY TITLE RISK
2011-02-10 CVE-2011-0093 Code Injection vulnerability in Microsoft Visio 2002/2003/2007
ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
9.3
2011-02-10 CVE-2011-0092 Code Injection vulnerability in Microsoft Visio 2002/2003/2007
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
9.3
2010-05-06 CVE-2010-1681 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Visio 2002/2003/2007
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
network
high complexity
microsoft CWE-119
7.6
2010-04-14 CVE-2010-0256 Code Injection vulnerability in Microsoft Visio 2002/2003/2007
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx 'Users of Microsoft Office Visio 2002 and later versions of Visio will be prompted with Open, Save, or Cancel before opening a document.
network
high complexity
microsoft CWE-94
7.6
2010-04-14 CVE-2010-0254 Code Injection vulnerability in Microsoft Visio 2002/2003/2007
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx 'Users of Microsoft Office Visio 2002 and later versions of Visio will be prompted with Open, Save, or Cancel before opening a document.
network
high complexity
microsoft CWE-94
7.6
2009-02-10 CVE-2009-0097 Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007
Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
network
microsoft CWE-399
critical
9.3
2009-02-10 CVE-2009-0096 Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
network
microsoft CWE-399
critical
9.3
2009-02-10 CVE-2009-0095 Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
network
microsoft CWE-399
critical
9.3
2008-09-11 CVE-2008-3015 Numeric Errors vulnerability in Microsoft products
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
network
microsoft CWE-189
critical
9.3
2008-09-11 CVE-2008-3014 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
network
microsoft CWE-119
critical
9.3