Microsoft Office Visio UML Remote Code Execution Vulnerability

2015-10-13T00:00:00
ID ZDI-15-519
Type zdi
Reporter kdot
Modified 2015-06-22T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within UML parsing. By providing a malformed Visio file, an attacker is able to cause data to be written outside of a normal buffer. An attacker could use this to execute arbitrary code under the context of the Visio process.