CVE-2012-0018
published 2012-05-09CVE-2012-0018: Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a…
PriorityP355critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
25.07%
97.7th percentile
Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visio_viewer | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4522-mh29-ff78: Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code
ghsa_unreviewed·2022-05-04
CVE-2012-0018 [HIGH] CWE-20 GHSA-4522-mh29-ff78: Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code
Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
Red Hat
libxml2: Heap-based buffer overflow when decoding an entity reference with a long name
vendor_redhat·2012-01-06·CVSS 7.5
CVE-2011-3919 [HIGH] CWE-122 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name
libxml2: Heap-based buffer overflow when decoding an entity reference with a long name
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Statement: This issue affected the versions of libxml2 as shipped with Red Hat Enterprise Linux 4, 5 and 6 and has been addressed via RHSA-2012:0016, RHSA-2012:0017 and RHSA-2012:0018 respectively.
Red Hat
libxml2 out of bounds read
vendor_redhat·2011-12-13·CVSS 5.0
CVE-2011-3905 [MEDIUM] CWE-125 libxml2 out of bounds read
libxml2 out of bounds read
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Statement: This issue affects the version of libxml2 as shipped with Red Hat Enterprise
Linux 4, 5 and 6 and has been addressed via RHSA-2012:0016, RHSA-2012:0017 and
RHSA-2012:0018 respectively. This issue affects the version of mingw32-libxml2
as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team
has rated this issue as having low security impact. A future update may address
this issue in Red Hat Enterprise Linux 6.
No detection rules found.
No public exploits indexed.
Zscaler
Zscaler Protects against Microsoft's Patch Cycle | Round 9
blogs_zscaler·CVSS 9.3
[CRITICAL] Zscaler Protects against Microsoft's Patch Cycle | Round 9
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Bugzilla
CVE-2026-43409 kernel: kprobes: avoid crash when rmmod/insmod after ftrace killed
bugzilla·2026-05-08
CVE-2026-43409 [MEDIUM] CVE-2026-43409 kernel: kprobes: avoid crash when rmmod/insmod after ftrace killed
CVE-2026-43409 kernel: kprobes: avoid crash when rmmod/insmod after ftrace killed
In the Linux kernel, the following vulnerability has been resolved:
kprobes: avoid crash when rmmod/insmod after ftrace killed
After we hit ftrace is killed by some errors, the kernel crash if
we remove modules in which kprobe probes.
BUG: unable to handle page fault for address: fffffbfff805000d
PGD 817fcc067 P4D 817fcc067 PUD 817fc8067 PMD 101555067 PTE 0
Oops: Oops: 0000 [#1] SMP KASAN PTI
CPU: 4 UID: 0 PID: 2012 Comm: rmmod Tainted: G W OE
Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
RIP: 0010:kprobes_module_callback+0x89/0x790
RSP: 0018:ffff88812e157d30 EFLAGS: 00010a02
RAX: 1ffffffff805000d RBX: dffffc0000000000 RCX: ffffffff86a8de90
RDX: ffffed1025c2af9b RSI: 0000000000000008 RDI: fffffff
http://osvdb.org/81731http://secunia.com/advisories/49113http://www.securityfocus.com/bid/53328http://www.securitytracker.com/id?1027042http://www.us-cert.gov/cas/techalerts/TA12-129A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-031https://exchange.xforce.ibmcloud.com/vulnerabilities/75115https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15606http://osvdb.org/81731http://secunia.com/advisories/49113http://www.securityfocus.com/bid/53328http://www.securitytracker.com/id?1027042http://www.us-cert.gov/cas/techalerts/TA12-129A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-031https://exchange.xforce.ibmcloud.com/vulnerabilities/75115https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15606
2012-05-09
Published