CVE-2010-0254Code Injection in Microsoft Visio

CWE-94Code Injection3 documents3 sources
Severity
7.6HIGHNVD
EPSS
20.5%
top 4.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Visio
Timeline
PublishedApr 14
Latest updateMay 2

Description

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/visio2002, 2003, 2007+2

🔴Vulnerability Details

2
GHSA
GHSA-x9fj-vxmr-hcmm: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to2022-05-02
CVEList
CVE-2010-0254: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to2010-04-14
CVE-2010-0254 — Code Injection in Microsoft Visio | cvebase