CVE-2009-0095 — Microsoft Visio vulnerability

CWE-3993 documents3 sources

Severity

9.3CRITICALNVD

EPSS

48.8%

top 2.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Visio

Timeline

PublishedFeb 10

Latest updateMay 2

Description

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/visio2002, 2003, 2007+2

🔴Vulnerability Details

GHSA

GHSA-w69g-qpc5-9834: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execut↗2022-05-02

▶

CVEList

CVE-2009-0095: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execut↗2009-02-10

▶