1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS Visio Packed Objects Code Exec

HTTP MS Visio Packed Objects Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in Microsoft Visio which may result in remote code execution.

Additional Information

Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams.

Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Specifically, this issue occurs when parsing packed objects within .VSS, .VSD, or .VST files.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • Microsoft Visio 2002 SP1, SP2
  • Microsoft Visio 2003 SP1, SP2
  • Microsoft Visio Professional 2007
  • Microsoft Visio Standard 2007
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube