Vulnerabilities > Microsoft > Visio > 2013

DATE CVE VULNERABILITY TITLE RISK
2023-01-10 CVE-2023-21736 Unspecified vulnerability in Microsoft products
Microsoft Office Visio Remote Code Execution Vulnerability
local
low complexity
microsoft
7.8
2023-01-10 CVE-2023-21737 Unspecified vulnerability in Microsoft products
Microsoft Office Visio Remote Code Execution Vulnerability
local
low complexity
microsoft
7.8
2023-01-10 CVE-2023-21741 Unspecified vulnerability in Microsoft products
Microsoft Office Visio Information Disclosure Vulnerability
network
low complexity
microsoft
7.1
2022-12-13 CVE-2022-44695 Unspecified vulnerability in Microsoft 365 Apps, Office and Visio
Microsoft Office Visio Remote Code Execution Vulnerability
local
low complexity
microsoft
7.8
2021-03-11 CVE-2021-27055 Unspecified vulnerability in Microsoft 365 Apps, Office and Visio
Microsoft Visio Security Feature Bypass Vulnerability
local
high complexity
microsoft
7.0
2020-04-15 CVE-2020-0760 Improper Input Validation vulnerability in Microsoft products
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'.
network
microsoft CWE-20
6.8
2016-06-16 CVE-2016-3235 Permissions, Privileges, and Access Controls vulnerability in Microsoft Visio and Visio Viewer
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
network
microsoft CWE-264
critical
9.3
2016-01-13 CVE-2016-0012 Information Exposure vulnerability in Microsoft products
Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass."
network
microsoft CWE-200
4.3
2015-11-11 CVE-2015-2503 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."
network
microsoft CWE-264
critical
9.3
2015-08-15 CVE-2015-2423 Information Exposure vulnerability in Microsoft products
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability."
network
microsoft CWE-200
4.3