Lucene search

[email protected]CVE-2012-0138

HistoryFeb 14, 2012 - 10:55 p.m.

CVE-2012-0138

2012-02-1422:55:00

CWE-94

[email protected]

web.nvd.nist.gov

114

microsoft

visio

viewer

2010

gold

sp1

memory corruption

vulnerability

cve-2012-0138

nvd

code execution

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.633 Medium

EPSS

Percentile

97.8%

JSON

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka “VSD File Format Memory Corruption Vulnerability,” a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.

CPENameOperatorVersion
microsoft:visio_viewermicrosoft visio viewereq2010

CPE	Name	Operator	Version
microsoft:visio_viewer	microsoft visio viewer	eq	2010

References

www.us-cert.gov/cas/techalerts/TA12-045A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-015

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14811

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.633 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2012-0138

prion5 cvelist5 cve4 securityvulns1 nessus1 mskb1 openvas2 symantec5 checkpoint_advisories5 seebug1