Short Name | HTTP:STC:DL:VISIO-INV-VERSION |
---|---|
Severity | High |
Recommended | No |
Recommended Action | Drop |
Category | HTTP |
Keywords | Microsoft Visio Version Number Handling Code Execution Vulnerability |
Release Date | 2010/10/11 |
Update Number | 1789 |
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

A remote code-execution vulnerability exists in the way An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged-in user. In the case of an unsuccessful code execution attack, Microsoft Visio will terminate, resulting in the loss of any unsaved data from the current session.

Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attempts will result in denial-of-service conditions.