CVE-2016-3235

Name of the Vulnerable Software and Affected Versions Microsoft Visio versions 2007 SP3 through 2016 Microsoft Visio Viewer versions 2007 SP3 through 2010

Description The issue is related to errors in library loading, which can allow a remote attacker to elevate their privileges using a specially crafted application. This can lead to the attacker gaining control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Visio versions 2007 SP3 through 2016, update to a version that includes the fix for the library loading issue. For Microsoft Visio Viewer versions 2007 SP3 through 2010, update to a version that includes the fix for the library loading issue. As a temporary workaround, consider restricting the use of library loading functionality in Microsoft Visio and Visio Viewer until a patch is available.