Vulnerability Details : CVE-2012-0018
Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
Vulnerability category: Memory CorruptionInput validationExecute code
Products affected by CVE-2012-0018
- cpe:2.3:a:microsoft:visio_viewer:2010:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio_viewer:2010:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0018
91.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0018
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2012-0018
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0018
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15606
Repository / Oval Repository
-
http://www.securitytracker.com/id?1027042
Microsoft Visio Viewer Memory Corruption Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75115
Microsoft Visio Viewer memory code execution CVE-2012-0018 Vulnerability Report
-
http://www.us-cert.gov/cas/techalerts/TA12-129A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-031
Microsoft Security Bulletin MS12-031 - Important | Microsoft Docs
-
http://www.securityfocus.com/bid/53328
Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability
Jump to