Signature Detail

HTTP: Malformed Microsoft Visio File

This signature detects attempts to exploit a known vulnerability in Microsoft Visio. Visio 2002, Visio 2003, and Visio 2007 are affected. A successful exploit can result in arbitrary code execution.

Extended Description

Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

• Microsoft visio_2002 SP1
• Microsoft visio_2002 SP2
• Microsoft visio_2002 SP3
• Microsoft visio_2002
• Microsoft visio_2002_professional SP2
• Microsoft visio_2002_standard SP2
• Microsoft visio_2003 SP1
• Microsoft visio_2003 SP2
• Microsoft visio_2003 SP3
• Microsoft visio_2003
• Microsoft visio_2003_professional
• Microsoft visio_2003_standard
• Microsoft visio_2007 SP1
• Microsoft visio_2007 SP2
• Microsoft visio_2007

References

• BugTraq: 46138
• CVE: CVE-2011-0092
• CVE: CVE-2011-0093