#VU44292 Code Injection in Visio Viewer - CVE-2012-0020

Cybersecurity Help s.r.o.

Published: 2012-02-15 | Updated: 2020-11-20

Vulnerability identifier: #VU44292

Vulnerability risk: High

CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2012-0020

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Visio Viewer
Client/Desktop applications / Office applications

Vendor: Microsoft

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Visio Viewer: 2010

External links
https://www.us-cert.gov/cas/techalerts/TA12-045A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14965

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Microsoft Visio Viewer