CVE-2011-0092

Name of the Vulnerable Software and Affected Versions Microsoft Visio versions 2002 SP2 through 2007 SP2

Description The issue allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream, triggering memory corruption. A remote code execution vulnerability exists in the way that Microsoft Visio validates objects in memory when parsing specially crafted Visio files. An attacker who successfully exploited this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Visio versions 2002 SP2 through 2007 SP2, update to a version that is not affected by this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.