CVE-2012-0018

CWE-20Improper Input ValidationCWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds Read5 documents4 sources
Severity
9.3CRITICAL
EPSS
53.7%
top 2.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Visio Viewer
Timeline
PublishedMay 9
Latest updateMay 4

Description

Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4522-mh29-ff78: Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code2022-05-04
CVEList
CVE-2012-0018: Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code2012-05-09

📋Vendor Advisories

2
Red Hat
libxml2: Heap-based buffer overflow when decoding an entity reference with a long name2012-01-06
Red Hat
libxml2 out of bounds read2011-12-13
CVE-2012-0018 (CRITICAL CVSS 9.3) | Microsoft Visio Viewer 2010 Gold an | cvebase.io