CVE-2008-1090Microsoft Office vulnerability

CWE-3993 documents3 sources
Severity
9.3CRITICALNVD
EPSS
59.4%
top 1.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft OfficeMicrosoft Visio
Timeline
PublishedApr 8
Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/visio5 versions+4
NVDmicrosoft/office4 versions+3

Patches

Patch: secunia.comPatch: www.securityfocus.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-cc9j-97rw-w58w: Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary2022-05-01
CVEList
CVE-2008-1090: Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary2008-04-08
CVE-2008-1090 — Microsoft Office vulnerability | cvebase