#VU44293 Code Injection in Visio Viewer - CVE-2012-0136
Published: February 15, 2012 / Updated: November 20, 2020
Vulnerability identifier: #VU44293
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2012-0136
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Visio Viewer
Visio Viewer
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
Remediation
Install update from vendor's website.