Lucene search

[email protected]CVE-2012-0137

HistoryFeb 14, 2012 - 10:55 p.m.

CVE-2012-0137

2012-02-1422:55:00

CWE-94

[email protected]

web.nvd.nist.gov

120

cve-2012-0137

microsoft visio viewer

memory corruption

file parsing

remote code execution

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.633 Medium

EPSS

Percentile

97.8%

JSON

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka “VSD File Format Memory Corruption Vulnerability,” a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.

CPENameOperatorVersion
microsoft:visio_viewermicrosoft visio viewereq2010

CPE	Name	Operator	Version
microsoft:visio_viewer	microsoft visio viewer	eq	2010

References

www.us-cert.gov/cas/techalerts/TA12-045A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-015

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14602

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.633 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2012-0137

prion5 cvelist5 securityvulns1 cve4 nessus1 mskb1 openvas2 checkpoint_advisories5 symantec5 seebug1