Vulnerability Details : CVE-2012-0020

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
Publish Date : 2012-02-14 Last Update Date : 2012-08-13

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Related Tweets Even more tweets Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

Cvss Score	9.3
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Execute CodeMemory corruption
CWE ID	94

- Related OVAL Definitions

Title	Definition Id	Class	Family
VSD File Format Memory Corruption Vulnerability	oval:org.mitre.oval:def:14965		windows

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2012-0020

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Microsoft	Visio Viewer	2010				Details Vulnerabilities
2	Application	Microsoft	Visio Viewer	2010	SP1			Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Microsoft	Visio Viewer	2

- References For CVE-2012-0020

http://technet.microsoft.com/en-us/security/bulletin/ms12-015
Microsoft Security Bulletin MS12-015 MS12-015 - Important : Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510) - Version: 1.0 Severity Rating: Important Revision Note: V1.0 (February 14, 2012): Bulletin published. Summary: This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.Release Date:2012-02-14

- Metasploit Modules Related To CVE-2012-0020

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)