CVE-2010-0254
published 2010-04-14CVE-2010-0254: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute…
PriorityP350high7.6CVSS 2.0
AVNACHAuNCCICAC
EPSS
17.92%
96.8th percentile
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visio | — | — |
| microsoft | visio | — | — |
| microsoft | visio | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9mgc-jxh6-mqj2: Buffer overflow in VISIODWG
ghsa_unreviewed·2022-05-14·CVSS 7.6
CVE-2010-1681 [HIGH] CWE-119 GHSA-9mgc-jxh6-mqj2: Buffer overflow in VISIODWG
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
GHSA
GHSA-x9fj-vxmr-hcmm: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to
ghsa_unreviewed·2022-05-02
CVE-2010-0254 [HIGH] CWE-94 GHSA-x9fj-vxmr-hcmm: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819
2010-04-14
Published