PT-2009-2795 · Microsoft · Office Visio

Bing Liu · Published 2009-02-10 · Updated 2018-10-12 · CVE-2009-0096

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office Visio versions 2002 SP2, 2003 SP3, and 2007 SP1

Description

A remote code execution issue exists due to improper memory copy operations for object data. This allows attackers to execute arbitrary code via a crafted Visio document. An attacker could exploit this by sending a malformed file, which could be included as an e-mail attachment or hosted on a specially crafted Web site. If successfully exploited, an attacker could take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. The impact is more significant for users with administrative user rights.

Recommendations

For Microsoft Office Visio 2002 SP2, update to a version that includes the fix for this issue. For Microsoft Office Visio 2003 SP3, update to a version that includes the fix for this issue. For Microsoft Office Visio 2007 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of crafted Visio documents until a patch is available. Restrict access to Visio documents from untrusted sources to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-0096

Affected Products

Office Visio