CVE-2010-0256
published 2010-04-14CVE-2010-0256: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows…
PriorityP349high7.6CVSS 2.0
AVNACHAuNCCICAC
EPSS
17.92%
96.8th percentile
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visio | — | — |
| microsoft | visio | — | — |
| microsoft | visio | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9mgc-jxh6-mqj2: Buffer overflow in VISIODWG
ghsa_unreviewed·2022-05-14·CVSS 7.6
CVE-2010-1681 [HIGH] CWE-119 GHSA-9mgc-jxh6-mqj2: Buffer overflow in VISIODWG
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
GHSA
GHSA-3w7r-ghxm-95w6: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which all
ghsa_unreviewed·2022-05-02
CVE-2010-0256 [HIGH] CWE-94 GHSA-3w7r-ghxm-95w6: Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which all
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
No detection rules found.
Exploit-DB
War-FTPD 1.65 - 'Username' Remote Overflow (Metasploit)
exploitdb·2010-07-03
CVE-1999-0256 War-FTPD 1.65 - 'Username' Remote Overflow (Metasploit)
War-FTPD 1.65 - 'Username' Remote Overflow (Metasploit)
---
##
# $Id: warftpd_165_user.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'War-FTPD 1.65 Username Overflow',
'Description' => %q{
This module exploits a buffer overflow found in the USER command
of War-FTPD 1.65.
},
'Author' => 'Fairuzan Roslan ',
'License' => BSD_LICENSE,
'Version' => '$Revision: 9669 $',
'References' =>
[
[ 'CVE', '1999-0256'],
[ 'OSVDB', '875' ],
[ 'BID', '10078' ],
[ 'URL', 'http://lists.insecure.org/lists/bugtraq/1998/Feb/0
Exploit-DB
War-FTPD 1.65 - Password Overflow (Metasploit)
exploitdb·2010-07-03
CVE-1999-0256 War-FTPD 1.65 - Password Overflow (Metasploit)
War-FTPD 1.65 - Password Overflow (Metasploit)
---
##
# $Id: warftpd_165_pass.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'War-FTPD 1.65 Password Overflow',
'Description' => %q{
This exploits the buffer overflow found in the PASS command
in War-FTPD 1.65. This particular module will only work
reliably against Windows 2000 targets. The server must be
configured to allow anonymous logins for this exploit to
succeed. A failed attempt will bring down the service
completely.
},
'Author' => 'hdm',
'License'
No writeups or analysis indexed.
http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732
2010-04-14
Published