MS09-005: Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
High Nessus Plugin ID 35633
SynopsisArbitrary code can be executed on the remote host through Visio.
DescriptionThe remote host contains a version of Microsoft Visio that is affected by memory corruption and memory validation vulnerabilities triggered when parsing specially crafted Visio files that could be be abused to execute arbitrary code on the remote host.
To exploit this vulnerability, an attacker would need to send a specially crafted Visio document to a user on the remote host and trick him into opening it.
SolutionMicrosoft has released a set of patches for Microsoft Visio 2002, 2003 and 2007.