Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1681

CWE-119Buffer Overflow6 documents5 sources
Severity
7.6HIGH
EPSS
79.1%
top 0.94%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Visio
Timeline
PublishedMay 6
Latest updateMay 14

Description

Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/visio2002, 2003, 2007+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-9mgc-jxh6-mqj2: Buffer overflow in VISIODWG2022-05-14
CVEList
CVE-2010-1681: Buffer overflow in VISIODWG2010-05-05

💥Exploits & PoCs

2
Exploit-DB
Microsoft Visio - 'VISIODWG.dll .DXF' File Handling (MS10-028) (Metasploit)2011-06-26
Exploit-DB
Microsoft Visio 2002 - '.DXF' Local Stack Overflow2010-09-08

🔍Detection Rules

1
Suricata
ET WEB_CLIENT Microsoft Office Visio DXF File Processing Remote Code Execution2011-01-06
CVE-2010-1681 (HIGH CVSS 7.6) | Buffer overflow in VISIODWG.DLL bef | cvebase.io