Vulnerabilities > Microsoft > Visio > 2003
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-05-15 | CVE-2013-1301 | Information Exposure vulnerability in Microsoft Visio 2003/2007/2010 Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability." | 4.3 |
2011-08-10 | CVE-2011-1979 | Improper Input Validation vulnerability in Microsoft Visio 2003/2007 Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability." | 9.3 |
2011-08-10 | CVE-2011-1972 | Improper Input Validation vulnerability in Microsoft Visio 2003/2007/2010 Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability." | 9.3 |
2011-02-10 | CVE-2011-0093 | Code Injection vulnerability in Microsoft Visio 2002/2003/2007 ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability." | 9.3 |
2011-02-10 | CVE-2011-0092 | Code Injection vulnerability in Microsoft Visio 2002/2003/2007 The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability." | 9.3 |
2010-08-27 | CVE-2010-3148 | Unspecified vulnerability in Microsoft Visio 2003 Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability." | 9.3 |
2010-05-06 | CVE-2010-1681 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Visio 2002/2003/2007 Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256. | 7.6 |
2010-04-14 | CVE-2010-0256 | Code Injection vulnerability in Microsoft Visio 2002/2003/2007 Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx 'Users of Microsoft Office Visio 2002 and later versions of Visio will be prompted with Open, Save, or Cancel before opening a document. | 7.6 |
2010-04-14 | CVE-2010-0254 | Code Injection vulnerability in Microsoft Visio 2002/2003/2007 Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx 'Users of Microsoft Office Visio 2002 and later versions of Visio will be prompted with Open, Save, or Cancel before opening a document. | 7.6 |
2009-02-10 | CVE-2009-0097 | Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007 Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." | 9.3 |