CVE-2010-0254

Name of the Vulnerable Software and Affected Versions Microsoft Office Visio versions 2002 SP2, 2003 SP3, 2007 SP1, 2007 SP2

Description A remote code execution issue exists due to improper validation of attributes in Visio files. This allows attackers to execute arbitrary code via a crafted file. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with limited user rights compared to those operating with administrative rights.

Recommendations For Microsoft Office Visio 2002 SP2, update to a version that properly validates attributes in Visio files. For Microsoft Office Visio 2003 SP3, update to a version that properly validates attributes in Visio files. For Microsoft Office Visio 2007 SP1, update to a version that properly validates attributes in Visio files. For Microsoft Office Visio 2007 SP2, update to a version that properly validates attributes in Visio files.