Visio 2003 Documents Could Install Malware
Severity: Medium
Summary:
· This vulnerability affects: Visio 2003 only
· How an attacker exploits it: By enticing one of your users into opening a maliciously crafted Visio document
· Impact: An attacker can execute code, potentially gaining complete control of your users' computers
· What to do: Deploy the Visio 2003 patch as soon as possible, or let Windows Update do it for you
Exposure:
Microsoft Visio is a very popular diagramming application, which many administrators use to create network diagrams. It also ships with some Office packages.
In a security bulletin released today, Microsoft describes a security vulnerability that only affects Visio 2003. Specifically, Visio 2003 suffers from an insecure Dynamic Link Library (DLL) loading vulnerability, sometimes referred to as a binary planting flaw. We first described this class of flaw in a September Wire post, which describes this Microsoft security advisory. If an attacker can entice one of your users into opening a Visio-related file (such as .vsd, .vdx, .vst, or .vtx) from the same location as a specially crafted DLL, he could exploit this flaw to execute code on that user’s computer with full system privileges, thus gaining complete control of the computer.
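While the patch rolls out, a file-share sweep can show where the layout described above already exists. The following Python script is an added example, not part of the original advisory or any Microsoft tooling; it flags every folder that holds a Visio document next to a DLL. The function name `find_colocated_dlls` and the command-line usage are assumptions made for illustration.

```python
import os
import sys
from pathlib import Path

# Visio extensions named in the advisory text.
VISIO_EXTS = {".vsd", ".vdx", ".vst", ".vtx"}


def find_colocated_dlls(root):
    """Map each directory under root that contains both a Visio file and a
    DLL to the names of those files (hypothetical helper, not a vendor tool)."""
    findings = {}
    # onerror swallows unreadable directories so one ACL denial
    # does not abort a sweep of a large share.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        visio, dlls = [], []
        for name in filenames:
            ext = Path(name).suffix.lower()  # Windows names are case-insensitive
            if ext in VISIO_EXTS:
                visio.append(name)
            elif ext == ".dll":
                dlls.append(name)
        # Only the combination matters: a DLL with no Visio file beside it
        # (or the reverse) is not the layout the advisory describes.
        if visio and dlls:
            findings[dirpath] = {"visio": sorted(visio), "dlls": sorted(dlls)}
    return findings


if __name__ == "__main__":
    # Usage: python sweep.py <path to share or folder>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for directory, hit in sorted(find_colocated_dlls(target).items()):
        print(directory)
        print("  Visio files:", ", ".join(hit["visio"]))
        print("  DLLs:       ", ", ".join(hit["dlls"]))
```

A hit is a folder to review, not proof of tampering; document folders on user-writable shares and download directories are the ones worth checking first.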
Solution Path:
Microsoft has released a Visio 2003 patch to fix this flaw. You should download and deploy the patch as soon as possible, or let Windows Update do it for you.
Status:
Microsoft has released a fix.