Title

Microsoft Visio Remote Code Execution Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in Microsoft Visio. Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. To exploit this vulnerability, an attacker would entice a user of a vulnerable system to open a malicious Visio file sent via email or hosted in a network share, a UNC, or WebDAV location. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code and compromise the affected system. At this time, there are known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. Microsoft Visio Insecure Library Loading Vulnerability - CVE-2010-3148 A remote code execution vulnerability exists in the way that Microsoft Visio handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS11-055 (2560847). Vulnerable Applications/Systems: Microsoft Visio 2003 Service Pack 3 Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems/Applications not listed below. Omfcu.dll Microsoft Visio 2003 Service Pack 3 - 11.0.8332.0

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-29387

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.