CVE-2012-1888

Name of the Vulnerable Software and Affected Versions Microsoft Visio versions 2010 SP1 Microsoft Visio Viewer versions 2010 SP1

Description This issue allows remote attackers to execute arbitrary code via a crafted Visio file. It is a remote code execution vulnerability that enables an attacker to run arbitrary code as the current user. If the current user has administrative user rights, an attacker could take complete control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Visio version 2010 SP1, update to a version that is not affected by this issue. For Microsoft Visio Viewer version 2010 SP1, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of crafted Visio files until a patch is available.