CVE-2011-0093

Name of the Vulnerable Software and Affected Versions Microsoft Visio versions 2002 SP2, 2003 SP3, 2007 SP2

Description A remote code execution issue exists due to improper parsing of structures when handling specially crafted Visio files. This allows attackers to execute arbitrary code via a file containing a malformed structure. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less affected than those operating with administrative user rights.

Recommendations For Microsoft Visio 2002 SP2, update to a version that properly parses structures during the opening of a Visio file. For Microsoft Visio 2003 SP3, update to a version that properly parses structures during the opening of a Visio file. For Microsoft Visio 2007 SP2, update to a version that properly parses structures during the opening of a Visio file.