Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)

Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981) allows attackers to gain user rights and execute arbitrary code

Reporter	Title	Published	Views	Family All 10
Check Point Advisories	Microsoft Visio Viewer VSD File Attributes Validation Error (MS12-031; CVE-2012-0018)	12 Jun 201200:00	–	checkpoint_advisories
CVE	CVE-2012-0018	9 May 201200:00	–	cve
Cvelist	CVE-2012-0018	9 May 201200:00	–	cvelist
NVD	CVE-2012-0018	9 May 201200:55	–	nvd
OpenVAS	Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)	9 May 201200:00	–	openvas
Prion	Memory corruption	9 May 201200:55	–	prion
securityvulns	Microsoft Office multiple security vulnerabilities	26 Aug 201200:00	–	securityvulns
Tenable Nessus	MS12-031: Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)	9 May 201200:00	–	nessus
Symantec	Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability	8 May 201200:00	–	symantec
seebug.org	Microsoft Visio Viewer VSD文件格式远程代码执行漏洞(MS12-031)	9 May 201200:00	–	seebug

Source	Link
secunia	www.secunia.com/advisories/49113
technet	www.technet.microsoft.com/en-us/security/bulletin/MS12-031
securelist	www.securelist.com/en/advisories/49113
support	www.support.microsoft.com/kb/2597981

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_ms12-031.nasl 6538 2017-07-05 11:38:27Z cfischer $
#
# Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)
#
# Authors:
# Antu Sanadi <[email protected]>
#
# Copyright:
# Copyright (c) 2012 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation could allow attackers to gain same user rights as
  the logged on user and execute arbitrary code.
  Impact Level: System/Application";
tag_affected = "Microsoft Visio Viewer 2010 Service Pack 1 and prior";
tag_insight = "The flaw is due to an error when validating certain attributes within
  a 'VSD' file format and can be exploited to corrupt memory via a specially
  crafted Visio file.";
tag_solution = "Run Windows Update and update the listed hotfixes or download and
  update mentioned hotfixes in the advisory from the below link,
  http://technet.microsoft.com/en-us/security/bulletin/ms12-031";
tag_summary = "This host is missing an important security update according to
  Microsoft Bulletin MS12-031.";

if(description)
{
  script_id(902910);
  script_version("$Revision: 6538 $");
  script_cve_id("CVE-2012-0018");
  script_bugtraq_id(53328);
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-07-05 13:38:27 +0200 (Wed, 05 Jul 2017) $");
  script_tag(name:"creation_date", value:"2012-05-09 08:45:22 +0530 (Wed, 09 May 2012)");
  script_name("Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/49113");
  script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2597981");
  script_xref(name : "URL" , value : "http://www.securelist.com/en/advisories/49113");
  script_xref(name : "URL" , value : "http://technet.microsoft.com/en-us/security/bulletin/MS12-031");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 SecPod");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("secpod_office_products_version_900032.nasl");
  script_mandatory_keys("SMB/Office/VisioViewer/Ver");
  script_require_ports(139, 445);

  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

vvVer ="";
visioPath = "";
visiovVer = "";
dllPath = "";

## Get the KB
vvVer = get_kb_item("SMB/Office/VisioViewer/Ver");

## Confirm the visio viewer 2010 installation
if(vvVer && vvVer =~ "^14\..*")
{
  ## Get program files path
  visioPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion",
                              item:"ProgramFilesDir");
  if(visioPath)
  {
    dllPath = visioPath + "\Microsoft Office\Office14\";
    if(dllPath)
    {
      ## Get the version of VVIEWER.dll file
      visiovVer = fetch_file_version(sysPath:dllPath, file_name:"VVIEWER.dll");
      if(visiovVer)
      {
        if(version_in_range(version:visiovVer, test_version:"14.0", test_version2:"14.0.6117.5002")){
          security_message(0);
        }
      }
    }
  }
}

05 Jul 2017 00:00Current

0.8Low risk

Vulners AI Score0.8

EPSS0.53666