CVE-2015-2557

Name of the Vulnerable Software and Affected Versions Microsoft Visio versions 2007 SP3 through 2010 SP2

Description The issue is caused by a buffer overflow in Microsoft Visio, allowing a remote attacker to execute arbitrary code via specially crafted UML data in an Office document. This can occur when the Office software fails to properly handle objects in memory. If successfully exploited, an attacker could run arbitrary code in the context of the current user, potentially taking control of the affected system if the user has administrative rights. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. The exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Visio versions 2007 SP3 and 2010 SP2, update to a version that is not affected by this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.