Signature Detail

HTTP: Microsoft Office Visio VSD File Icon Bits Memory Corruption

This signature detects attempts to exploit a known remote code-execution vulnerability in Microsoft Visio. It is due to incorrect handling of the Icon Bits in a crafted Microsoft Visio file. A remote attacker can exploit this by enticing the target user to open a malicious Microsoft Visio file, potentially causing arbitrary code to be injected and executed on the target. In a successful attack, the behavior of the target depends on the intention of the attacker. Any code injected is executed within the security context of the currently logged in user. In an unsuccessful code execution attack, Microsoft Visio terminates resulting in the loss of any unsaved data from the current session.

Extended Description

Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to run arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

• Microsoft Visio 2002 SP1
• Microsoft Visio 2002 SP2
• Microsoft Visio 2002
• Microsoft Visio 2002 Professional SP2
• Microsoft Visio 2002 Standard SP2
• Microsoft Visio 2003 SP1
• Microsoft Visio 2003 SP2
• Microsoft Visio 2003 SP3
• Microsoft Visio 2003
• Microsoft Visio 2003 Professional
• Microsoft Visio 2003 Standard
• Microsoft Visio 2007 SP1
• Microsoft Visio 2007

References

• BugTraq: 33659
• CVE: CVE-2009-0095