Lucene search: Microsoft Visio

54 matches found

CVE | added 2016/06/16 1:00 a.m. | 1052 views

CVE-2016-3235

CVE-2016-3235 corresponds to a Microsoft Office OLE DLL side-loading vulnerability. Affected products include Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016 and Visio Viewer (2007/2010 variants). The root cause is improper library loading validation, allowing a crafted file or applica...

CVSS 9.3 | AI score 7 | EPSS 0.43431
In wild

CVE | added 2024/02/13 6:02 p.m. | 381 views

CVE-2024-20673

CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...

CVSS 7.8 | AI score 7.7 | EPSS 0.01177

CVE | added 2020/04/15 3:12 p.m. | 204 views

CVE-2020-0760

CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...

CVSS 8.8 | AI score 8.5 | EPSS 0.0861

CVE | added 2023/01/10 12:00 a.m. | 163 views

CVE-2023-21736

CVE-2023-21736 is a remote code execution vulnerability in Microsoft Office Visio (part of the Office suite). Connected sources confirm it enables arbitrary code execution and is addressed by Microsoft security updates. The CNVD/ENISA/NCSC entries categorize it as a Visio remote code execution is...

CVSS 7.8 | AI score 7.8 | EPSS 0.00723

CVE | added 2023/01/10 12:00 a.m. | 161 views

CVE-2023-21737

CVE-2023-21737 is a Microsoft Office Visio Remote Code Execution vulnerability. Public sources in the Connected documents confirm it affects Microsoft Office Visio (Visio component) and is classified as high severity (CVSS v3.1 base score 7.8) with local attack vector and required user interactio...

CVSS 7.8 | AI score 7.8 | EPSS 0.00723

CVE | added 2024/09/19 5:09 p.m. | 159 views

CVE-2024-38016

CVE-2024-38016 – Microsoft Office Visio Remote Code Execution is a documented vulnerability affecting Microsoft Visio 2016 (both 32‑bit and 64‑bit), and broader Microsoft Office suites as listed in connected references (including Visio 2019/LTSC 2021 and Microsoft 365 Apps for Enterprise). The is...

CVSS 7.8 | AI score 7.7 | EPSS 0.00595

CVE | added 2009/10/14 10:00 a.m. | 156 views

CVE-2009-2500

This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...

CVSS 9.3 | AI score 7.9 | EPSS 0.23647

CVE | added 2009/10/14 10:00 a.m. | 156 views

CVE-2009-2528

CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...

CVSS 9.3 | AI score 7.2 | EPSS 0.20452

CVE | added 2004/09/17 4:00 a.m. | 149 views

CVE-2004-0200

CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...

CVSS 9.3 | AI score 7.6 | EPSS 0.49024

CVE | added 2013/05/15 1:00 a.m. | 148 views

CVE-2013-1301

CVE-2013-1301 concerns Microsoft Visio information disclosure via XML External Entities (XXE). The vulnerability arises when Visio processes XML documents containing external entity declarations, allowing a remote attacker to read arbitrary files. Affected products include Visio 2003 SP3, Visio 2...

CVSS 4.3 | AI score 6.6 | EPSS 0.16707

CVE | added 2009/10/14 10:00 a.m. | 145 views

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

CVSS 9.3 | AI score 9.7 | EPSS 0.23461

CVE | added 2012/08/15 1:00 a.m. | 144 views

CVE-2012-1888

CVE-2012-1888 concerns a buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 during DXF parsing. The root cause is a memory corruption flaw in the DWGDP.DLL while processing MTEXT strings in DXF files, potentially copying data beyond the stack. This allows remote code execution ...

CVSS 9.3 | AI score 7.7 | EPSS 0.24151

CVE | added 2008/09/10 3:00 p.m. | 137 views

CVE-2007-5348

The CVE-2007-5348 entry concerns an IMAGE processing vulnerability in Microsoft GDI+ that could enable remote code execution. The connected KB954593 article MS08-052 describes multiple vulnerabilities in GDI+ across Windows and Office components that could be exploited by viewing a specially craf...

CVSS 9.3 | AI score 8 | EPSS 0.52886

CVE | added 2013/03/13 12:00 a.m. | 136 views

CVE-2013-0079

CVE-2013-0079 affects Microsoft Visio Viewer 2010 SP1. The vulnerability is described as a memory allocation error in the Visio Tree Object Confusion vulnerability that allows remote code execution when processing a crafted Visio file. Connected sources corroborate, noting this is addressed by Mi...

CVSS 9.3 | AI score 7.4 | EPSS 0.26684

CVE | added 2009/10/14 10:00 a.m. | 127 views

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

CVSS 9.3 | AI score 9.7 | EPSS 0.26824

CVE | added 2023/01/10 12:00 a.m. | 126 views

CVE-2023-21741

CVE-2023-21741 affects Microsoft Office Visio. Description: Information disclosure vulnerability in Visio; attacker could obtain sensitive memory data and use it for further attacks. Reported metrics show CVSS 3.1 base score 7.1 (HIGH) with: Attack Vector NETWORK, Attack Complexity LOW, Privilege...

CVSS 7.1 | AI score 6.7 | EPSS 0.01793

CVE | added 2022/09/13 6:42 p.m. | 121 views

CVE-2022-38010

CVE-2022-38010 is a Microsoft Office Visio remote code execution vulnerability. Public listings and update guidance identify Visio 2013 (KB5002017) and Visio 2016 (KB5002016) as affected, with deployment differences: Visio 2013 updates apply to the MSI-based edition (SP1 required) and Visio 2016 ...

CVSS 7.8 | AI score 7.8 | EPSS 0.00832

CVE | added 2009/10/14 10:00 a.m. | 117 views

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

CVSS 9.3 | AI score 9.7 | EPSS 0.22025

CVE | added 2008/09/10 3:00 p.m. | 115 views

CVE-2008-3013

CVE-2008-3013 corresponds to a GDI+ GIF parsing vulnerability. The connected KB954593 (MS08-052) describes remote code execution in Windows GDI+ when a user views a specially crafted GIF, affecting multiple Windows versions and Office components. The underlying issue is memory corruption during G...

CVSS 9.3 | AI score 7.7 | EPSS 0.52065

CVE | added 2015/11/11 11:00 a.m. | 114 views

CVE-2015-2503

CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...

CVSS 9.3 | AI score 6.8 | EPSS 0.1684

CVE | added 2022/12/13 12:00 a.m. | 107 views

CVE-2022-44695

Technical details about CVE-2022-44695 are not publicly provided in the supplied connected documents. Available items reference the CVE and notes about Visio remote code execution and December 2022 updates, but do not specify affected versions, root cause, or fixes.

CVSS 7.8 | AI score 7.8 | EPSS 0.00815

CVE | added 2009/10/14 10:00 a.m. | 104 views

CVE-2009-2504

CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...

CVSS 9.3 | AI score 9.7 | EPSS 0.20982

CVE | added 2008/09/10 3:00 p.m. | 103 views

CVE-2008-3014

CVE-2008-3014 is the GDI+ WMF Buffer Overrun vulnerability. A buffer overflow in gdiplus.dll (GDI+) allows remote code execution when processing a malformed WMF image, affecting multiple Windows and Office components listed in the description (e.g., Internet Explorer 6 SP1 on various Windows vers...

CVSS 9.3 | AI score 7.8 | EPSS 0.36722

CVE | added 2009/10/14 10:00 a.m. | 101 views

CVE-2009-2503

CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...

CVSS 9.3 | AI score 9.6 | EPSS 0.22205

CVE | added 2016/01/13 2:00 a.m. | 99 views

CVE-2016-0012

CVE-2016-0012 affects Microsoft Office suite (2007–2016 and related components) and is described as a security feature/ASLR bypass vulnerability. Connected OpenVAS entries explicitly reference remote bypass vectors in Office components (PowerPoint, Visio, Word, Excel, VB runtime) and note exploit...

CVSS 4.3 | AI score 5.1 | EPSS 0.11195

CVE | added 2006/10/10 10:00 p.m. | 97 views

CVE-2006-3877

PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...

CVSS 9.3 | AI score 7.1 | EPSS 0.12199

CVE | added 2021/03/11 3:48 p.m. | 97 views

CVE-2021-27055

CVE-2021-27055 is a Microsoft Visio Security Feature Bypass vulnerability. The connected sources confirm a Visio-related bypass exists, enabling bypass of built-in security features and potentially compromising integrity/availability when exploited. CVSS data indicate a HIGH severity (base score ...

CVSS 7 | AI score 6.6 | EPSS 0.0217

CVE | added 2008/04/08 11:00 p.m. | 94 views

CVE-2008-1089

CVE-2008-1089 (Visio Object Header Vulnerability) affects Microsoft Visio 2002 SP2, 2003 SP2/SP3, and 2007 up to SP1. The flaw stems from improper validation of object header data when opening Visio files, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Explo...

CVSS 9.3 | AI score 7.3 | EPSS 0.32106

CVE | added 2008/04/08 11:00 p.m. | 94 views

CVE-2008-1090

CVE-2008-1090 is a Visio memory validation vulnerability in Microsoft Visio 2002 SP2, 2003 SP2/SP3, and 2007 up to SP1. A remote attacker could exploit memory allocation handling when loading specially crafted .DXF files from disk, leading to remote code execution if a user opens the file. The vu...

CVSS 9.3 | AI score 7.3 | EPSS 0.32106

CVE | added 2015/08/15 12:00 a.m. | 93 views

CVE-2015-2423

CVE-2015-2423 is an “Unsafe Command Line Parameter Passing” vulnerability affecting a broad set of Windows OS versions (Vista through Windows 10) and Office apps (2007–2013) where a crafted command-line parameter to an Office app or Notepad can elevate from Low to Medium Integrity and disclose se...

CVSS 4.3 | AI score 6.4 | EPSS 0.19851

CVE | added 2007/02/03 1:00 a.m. | 92 views

CVE-2007-0671

CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...

CVSS 9.3 | AI score 7.5 | EPSS 0.42139
In wild

CVE | added 2009/02/10 10:13 p.m. | 90 views

CVE-2009-0097

CVE-2009-0097 is a remote-code-execution memory-corruption vulnerability in Microsoft Office Visio when opening Visio files. It is described as a memory-validation/memory-corruption issue in how Visio handles object data during file parsing, allowing an attacker to execute arbitrary code via a cr...

CVSS 9.3 | AI score 7.6 | EPSS 0.22648

CVE | added 2024/09/10 4:53 p.m. | 90 views

CVE-2024-43463

CVE-2024-43463 affects Microsoft Office Visio and is fixed by the September 2024 security update KB5002634. Public disclosures and multiple CVE roundups (MSRC, CNVD, CIRCL/CVE feeds, and Nessus) corroborate that Visio 2016 is susceptible and an update is available to remediate. The vulnerability ...

CVSS 7.8 | AI score 7.9 | EPSS 0.00937

CVE | added 2008/09/10 3:00 p.m. | 87 views

CVE-2008-3015

CVE-2008-3015 (GDI+ BMP Integer Overflow) describes a vulnerability in gdiplus.dll where a BMP BitMapInfoHeader with malformed data can trigger a buffer overflow, enabling remote code execution. Affected products include Office XP SP3, Office 2003 SP2/SP3, Office 2007, Visio 2002 SP2, PowerPoint ...

CVSS 9.3 | AI score 8 | EPSS 0.39272

CVE | added 2009/02/10 10:13 p.m. | 87 views

CVE-2009-0096

Summary: CVE-2009-0095, CVE-2009-0096, and CVE-2009-0097 are memory-related vulnerabilities in Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1. The flaws involve validation or memory handling when parsing Visio files, allowing remote code execution if a user opens a specially crafted Visi...

CVSS 9.3 | AI score 7.6 | EPSS 0.22648

CVE | added 2009/02/10 10:13 p.m. | 86 views

CVE-2009-0095

Summary: CVE-2009-0095 is a remote code execution vulnerability in Microsoft Office Visio, affecting Visio 2002 SP2, Visio 2003 SP3, and Visio 2007 SP1. It stems from improper validation of object data when opening Visio files, allowing a crafted file to execute arbitrary code on a vulnerable sys...

CVSS 9.3 | AI score 7.5 | EPSS 0.23477

CVE | added 2011/08/10 9:16 p.m. | 86 views

CVE-2011-1972

The CVE-2011-1972 issue affects Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold/SP1. It stems from improper in-memory validation of objects during Visio file parsing, enabling remote code execution when a specially crafted Visio file is opened. Multiple sources corroborate a memory-corruption s...

CVSS 9.3 | AI score 7.5 | EPSS 0.22201

CVE | added 2015/10/14 1:00 a.m. | 86 views

CVE-2015-2557

CVE-2015-2557 is a memory corruption vulnerability in Microsoft Visio 2007 SP3 and Visio 2010 SP2 that enables remote code execution via specially crafted UML data in an Office document. Root cause: buffer/memory corruption while parsing input. Impact: remote attacker can execute arbitrary code i...

CVSS 9.3 | AI score 7.8 | EPSS 0.22491

CVE | added 2008/09/10 3:00 p.m. | 85 views

CVE-2008-3012

CVE-2008-3012 corresponds to an in-GDI+ memory allocation flaw in gdiplus.dll that could allow remote code execution when a specially crafted EMF image is viewed. Connected docs confirm this as MS08-052, addressing vulnerabilities in GDI+ across Windows and Office components (IE6, Windows XP, Ser...

CVSS 9.3 | AI score 7.7 | EPSS 0.31037

CVE | added 2005/08/19 4:00 a.m. | 84 views

CVE-2005-2127

CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...

CVSS 7.5 | AI score 7.8 | EPSS 0.63665

CVE | added 2005/02/08 5:00 a.m. | 83 views

CVE-2004-0848

CVE-2004-0848 corresponds to a buffer overflow in Microsoft Office XP that can allow remote code execution via specially crafted HTML links referencing URL file locations. Connected advisories detail that the overflow occurs in the Office process handling URL file references, enabling arbitrary c...

CVSS 7.5 | AI score 7.8 | EPSS 0.27489

CVE | added 2016/09/14 10:00 a.m. | 80 views

CVE-2016-3364

Microsoft Visio 2016 contains a remote memory-corruption vulnerability (CVE-2016-3364) due to improper handling of objects in memory. An attacker who entices a user to open a specially crafted Office document can execute arbitrary code with the user’s privileges; administrative rights amplify imp...

CVSS 9.3 | AI score 7.7 | EPSS 0.18535

CVE | added 2003/09/04 4:00 a.m. | 75 views

CVE-2003-0347

Vulnerability CVE-2003-0347 affects Microsoft Visual Basic for Applications (VBA) 5.0–6.3 via heap-based overflow in VBE.DLL and VBE6.DLL. An attacker could supply a document with a long ID parameter to cause remote code execution. Impact is remote compromise with user privileges; affected compon...

CVSS 10 | AI score 8 | EPSS 0.5157

CVE | added 2011/08/10 9:16 p.m. | 74 views

CVE-2011-1979

CVE-2011-1979 in Microsoft Visio affects Visio 2003 SP3 and 2007 SP2, caused by insufficient validation of in-memory objects during Visio file parsing. This memory-validation flaw enables remote code execution via a specially crafted Visio file, with the attacker gaining the same privileges as th...

CVSS 9.3 | AI score 7.5 | EPSS 0.22201

CVE | added 2006/10/10 10:00 p.m. | 70 views

CVE-2006-3864

CVE-2006-3864 is a remote code execution vulnerability in Microsoft Office/PowerPoint components due to a malformed record in Office files (DOC/PPT/XLS) that triggers memory corruption in mso.dll. A remote, user-assisted attacker who persuades a user to open a crafted document can execute arbitra...

CVSS 9.3 | AI score 7.2 | EPSS 0.31527

CVE | added 2010/05/05 6:00 p.m. | 70 views

CVE-2010-1681

CVE-2010-1681 is a buffer overflow in VISIODWG.DLL of Microsoft Office Visio triggered by parsing inserted DXF files. Affects Visio versions using VISIODWG.DLL prior to 10.0.6880.4 (patched in KB979364 / MS10-028); original vulnerable library version cited as 10.0.5006.4. Core Security CoreLabs d...

CVSS 7.6 | AI score 7.5 | EPSS 0.67309

CVE | added 2010/08/27 6:10 p.m. | 70 views

CVE-2010-3148

CVE-2010-3148 relates to an insecure library loading vulnerability in Microsoft Visio 2003 SP3. The root cause is loading an unintended DLL (notably mfc71enu.dll) from the current working directory, enabling a Trojan horse DLL to be used via crafted Visio files (e.g., .vsd, .vdx, .vst, .vtx). The...

CVSS 9.3 | AI score 6.3 | EPSS 0.1364

CVE | added 2007/06/12 7:00 p.m. | 62 views

CVE-2007-0936

Visio Document Packaging Vulnerability (CVE-2007-0936) in Microsoft Visio 2002/2003—memory corruption triggered by parsing a packed object in Visio files (.VSD/.VSS/.VST). Allows remote code execution when a crafted Visio file is opened. Affected software includes Visio 2002 (SP2) and Visio 2003 ...

CVSS 9.3 | AI score 7.4 | EPSS 0.30914

CVE | added 2010/04/14 3:44 p.m. | 62 views

CVE-2010-0254

CVE-2010-0254 is a Visio memory‑corruption vulnerability in Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1/SP2. The flaw arises from improper validation of Visio file attributes, allowing a remote attacker to execute arbitrary code by opening a crafted Visio file. The issue is part of a ...

CVSS 7.6 | AI score 7.5 | EPSS 0.17924

CVE | added 2011/02/10 3:00 p.m. | 62 views

CVE-2011-0092

Microsoft Visio CVE-2011-0092 affects ORMELEMS.DLL in Visio 2002 SP2, 2003 SP3 and 2007 SP2. A malformed VisioDocument stream in a Visio file can trigger an exception handler that accesses an uninitialized object, causing memory corruption and remote code execution. The vulnerability is triggered...

CVSS 9.3 | AI score 7.6 | EPSS 0.24225

Total number of security vulnerabilities: 54