CVE-2007-0936

Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/35343
http://secunia.com/advisories/25619
http://www.securityfocus.com/archive/1/471947/100/0/threaded
http://www.securityfocus.com/bid/24384
http://www.securitytracker.com/id?1018227
http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/2150
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1369

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2003:::::::*
	cpe:2.3:a:microsoft:visio:2002:sp2::::::

History

No history.

Information

Published : 2007-06-12 19:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-0936

Mitre link : CVE-2007-0936

CVE.ORG link : CVE-2007-0936

JSON object : View

Products Affected

microsoft

visio
office

CWE

NVD-CWE-Other

{"id": "CVE-2007-0936", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-06-12T19:30:00.000", "references": [{"url": "http://osvdb.org/35343", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/25619", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/24384", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1018227", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2150", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1369", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka \"Visio Document Packaging Vulnerability.\""}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en Microsoft Visio 2002 permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo Visio (.VSD, .VSS, .VST) con un objeto empaquetado manipulado que dispara una corrupci\u00f3n de memoria, tambi\u00e9n conocida como \"Vulnerabilidad de Empaquetado de Documento Visio\" (Visio Document Packaging Vulnerability)"}], "lastModified": "2018-10-16T16:35:34.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB7EA4CC-E705-42DB-86B6-E229DA36B66D"}, {"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}