PT-2008-2688 · Microsoft · Office Visio

Published: 2008-04-08 · Updated: 2018-10-12 · CVE-2008-1090

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Visio versions 2002 SP2, 2003 SP2, 2003 SP3, and 2007 up to SP1

Description

The issue allows remote attackers to execute arbitrary code via a crafted .DXF file. A remote code execution vulnerability exists in the way Microsoft Visio validates memory allocations when loading specially-crafted .DXF files from disk into memory. An attacker could exploit the vulnerability by sending a malformed file, which could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

Recommendations

For Microsoft Visio 2002 SP2, consider applying the fix to prevent exploitation of the memory validation issue. For Microsoft Visio 2003 SP2 and SP3, apply the recommended patch to resolve the remote code execution vulnerability. For Microsoft Visio 2007 up to SP1, update to a version that includes the fix for the Visio Memory Validation Vulnerability to prevent remote code execution attacks.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-1090

Affected Products

Office Visio