PT-2009-2794 · Microsoft · Office Visio
Bing Liu · Published 2009-02-10 · Updated 2018-10-12
CVE-2009-0095
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Office Visio versions 2002 SP2, 2003 SP3, and 2007 SP1
Description
A remote code execution issue exists due to improper validation of object data in Visio files. This allows attackers to execute arbitrary code via a crafted file. An attacker could exploit this by sending a specially crafted file, which could be included as an e-mail attachment or hosted on a specially crafted or compromised web site. If successfully exploited, an attacker could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact is reduced for users with fewer user rights on the system compared to those operating with administrative user rights.
Recommendations
For Microsoft Office Visio 2002 SP2, consider applying the necessary patch to fix the memory validation issue.
For Microsoft Office Visio 2003 SP3, apply the patch that addresses the object data validation vulnerability.
For Microsoft Office Visio 2007 SP1, update to a version that includes the fix for the remote code execution vulnerability.
Fix
RCE
Affected Products
Office Visio