CVE-2012-0138

Опубликовано: 14 фев. 2012

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.

Ссылки

http://www.us-cert.gov/cas/techalerts/TA12-045A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14811
http://www.us-cert.gov/cas/techalerts/TA12-045A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14811

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:visio_viewer:2010:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:visio_viewer:2010:sp1:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.45098

Средний

9.3 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-m4w6-q2pr-qg8f

github

почти 4 года назад