ID CVE-2013-0079
Summary Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office_filter_pack:2010:sp1:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:office_filter_pack:2010:sp1:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_filter_pack:2010:sp1:x86:*:*:*:*:*
    cpe:2.3:a:microsoft:office_filter_pack:2010:sp1:x86:*:*:*:*:*
  • cpe:2.3:a:microsoft:visio:2010:sp1:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:visio:2010:sp1:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:visio:2010:sp1:x86:*:*:*:*:*
    cpe:2.3:a:microsoft:visio:2010:sp1:x86:*:*:*:*:*
  • cpe:2.3:a:microsoft:visio_viewer:2010:sp1:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:visio_viewer:2010:sp1:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:visio_viewer:2010:sp1:x86:*:*:*:*:*
    cpe:2.3:a:microsoft:visio_viewer:2010:sp1:x86:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 22:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS13-023
bulletin_url
date 2013-03-12T00:00:00
impact Remote Code Execution
knowledgebase_id 2801261
knowledgebase_url
severity Critical
title Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution
oval via4
accepted 2013-09-02T04:00:33.551-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Dragos Prisaca
    organization G2, Inc.
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment Microsoft Visio 2010 SP1 is installed
    oval oval:org.mitre.oval:def:15564
  • comment Microsoft Visio Viewer 2010 SP1 is installed
    oval oval:org.mitre.oval:def:15675
  • comment Microsoft Office 2010 Filter Pack is installed
    oval oval:org.mitre.oval:def:16401
  • comment Microsoft Office 2010 is installed
    oval oval:org.mitre.oval:def:12061
description Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
family windows
id oval:org.mitre.oval:def:16300
status accepted
submitted 2013-03-14T09:19:36
title Visio Viewer Tree Object Type Confusion Vulnerability - MS13-023
version 15
refmap via4
cert TA13-071A
cert-vn VU#851777
idefense 20130312 Microsoft Office Visio Viewer ActiveX Type Confusion Vulnerability
Last major update 12-10-2018 - 22:03
Published 13-03-2013 - 00:55
Last modified 12-10-2018 - 22:03
Back to Top