(MS12-031) Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
Publish Date: 09 de мая de 2012
Severity: : High
CVE Kennungen: : CVE-2012-0018
Advisory Date: 09 de мая de 2012
DESCRIPTION
A vulnerability in the way MS Visio handles specially crafted files could allow an attacker to take control of the vulnerable system. Logged on users that have lesser privileges on the affected system are less impacted by the effects of this vulnerability.
As a workaround, Microsoft recommends to block ActiveX Controls and Active Scripting to help block execution of specially crafted files automatically. More information on this workaround is found in the Microsoft bulletin.
SOLUTION
AFFECTED SOFTWARE AND VERSION:
- Microsoft Visio Viewer 2010 (32-bit Edition)
- Microsoft Visio Viewer 2010 Service Pack 1 (32-bit Edition)
- Microsoft Visio Viewer 2010 (64-bit Edition)
- Microsoft Visio Viewer 2010 Service Pack 1 (64-bit Edition)