CVE-2011-1972

Name of the Vulnerable Software and Affected Versions Microsoft Visio versions 2003 SP3, 2007 SP2, and 2010 Gold and SP1

Description A remote code execution issue exists due to improper validation of objects in memory during Visio file parsing, allowing attackers to execute arbitrary code via a crafted file. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less affected than those operating with administrative user rights.

Recommendations For Microsoft Visio 2003 SP3, update to a version that properly validates objects in memory during file parsing to prevent remote code execution. For Microsoft Visio 2007 SP2, update to a version that properly validates objects in memory during file parsing to prevent remote code execution. For Microsoft Visio 2010 Gold and SP1, update to a version that properly validates objects in memory during file parsing to prevent remote code execution.