Microsoft Visio Remote Code Execution Vulnerability (2560847) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-055.

Impact

Successful exploitation could allow users to execute arbitrary code via a specially crafted visio file. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS11-055.mspx

Insight

The flaw exists due to the way that Microsoft Office Visio loads external libraries, when handling specially crafted Visio files.

Affected

Microsoft Office Visio 2003 SP3 and prior.

References

http://support.microsoft.com/kb/2493523
http://www.microsoft.com/technet/security/Bulletin/MS11-055.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3148

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Consent User Interface Privilege Escalation Vulnerability (2442962)
Cumulative Security Update for Internet Explorer (969897)
Cumulative Patch for Internet Information Services (Q327696)
Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)

Take action and discover your vulnerabilities