CVE-2008-1090

2008-04-0823:05:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-1090

microsoft visio

remote code execution

memory validation

dxf file

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.595 Medium

EPSS

Percentile

97.7%

JSON

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka “Visio Memory Validation Vulnerability.”

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2007_sp1
microsoft:visiomicrosoft visioeq2003
microsoft:officemicrosoft officeeq2003
microsoft:visiomicrosoft visioeq2003_sp3
microsoft:officemicrosoft officeeqxp
microsoft:visiomicrosoft visioeq2002
microsoft:visiomicrosoft visioeq2007_sp1
microsoft:officemicrosoft officeeq2007
microsoft:visiomicrosoft visioeq2007

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2007_sp1
microsoft:visio	microsoft visio	eq	2003
microsoft:office	microsoft office	eq	2003
microsoft:visio	microsoft visio	eq	2003_sp3
microsoft:office	microsoft office	eq	xp
microsoft:visio	microsoft visio	eq	2002
microsoft:visio	microsoft visio	eq	2007_sp1
microsoft:office	microsoft office	eq	2007
microsoft:visio	microsoft visio	eq	2007