CVE-2010-0256

Name of the Vulnerable Software and Affected Versions Microsoft Office Visio versions 2002 SP2, 2003 SP3, 2007 SP1, and 2007 SP2

Description A remote code execution issue exists due to improper calculation of indexes associated with Visio files. This allows attackers to execute arbitrary code via a crafted file. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less affected than those operating with administrative user rights.

Recommendations For Microsoft Office Visio 2002 SP2, update to a version that properly calculates indexes to prevent remote code execution. For Microsoft Office Visio 2003 SP3, update to a version that properly calculates indexes to prevent remote code execution. For Microsoft Office Visio 2007 SP1 and SP2, update to a version that properly calculates indexes to prevent remote code execution.