CVE-2007-0934

Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/35342
http://secunia.com/advisories/25619
http://www.securityfocus.com/archive/1/471947/100/0/threaded
http://www.securityfocus.com/bid/24349
http://www.securitytracker.com/id?1018227
http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/2150
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030
https://exchange.xforce.ibmcloud.com/vulnerabilities/34607
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:visio:2002:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-06-12 19:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-0934

Mitre link : CVE-2007-0934

CVE.ORG link : CVE-2007-0934

JSON object : View

Products Affected

microsoft

visio

CWE

NVD-CWE-Other

{"id": "CVE-2007-0934", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-06-12T19:30:00.000", "references": [{"url": "http://osvdb.org/35342", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/25619", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/24349", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1018227", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2150", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34607", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Microsoft Visio 202 permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo de Visio (.VSD, .VSS, .VST) con un n\u00famero de versi\u00f3n manipulado que dispara una corrupci\u00f3n de memoria."}], "lastModified": "2018-10-16T16:35:33.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visio:2002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E24DF34-F4A8-4C28-9593-F019FE3E3BA2"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}