CVE-2010-0256

CWE-94 — Code Injection5 documents4 sources

Severity

7.6HIGH

EPSS

20.5%

top 4.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Visio

Timeline

PublishedApr 14

Latest updateMay 2

Description

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/visio2002, 2003, 2007+2

🔴Vulnerability Details

GHSA

GHSA-3w7r-ghxm-95w6: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which all↗2022-05-02

▶

CVEList

CVE-2010-0256: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which all↗2010-04-14

▶

💥Exploits & PoCs

Exploit-DB

War-FTPD 1.65 - 'Username' Remote Overflow (Metasploit)↗2010-07-03

▶

Exploit-DB

War-FTPD 1.65 - Password Overflow (Metasploit)↗2010-07-03

▶