Critical Remote Code Execution Issue in Microsoft Office Visio 2003
( Microsoft Security Bulletin MS11-055, CVE-2010-3148 )
Summary
A remote code execution vulnerability has been reported in Microsoft Office Visio 2003. Successful exploitation may enable an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
Details
Microsoft Visio 2003 is a commercial diagramming program for Microsoft Windows that uses vector graphics to create diagrams.
This issue is a remote code execution vulnerability that is due to insecure library loading in Visio. Successful exploitation of this vulnerability may result in an attacker taking complete control of a targeted system, allowing her to then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Products
Users of Office Visio 2003 are vulnerable to this issue.
Solution
Check Point's IPS Software Blade provides immediate network protection in the latest IPS update by detecting and blocking attempts to exploit this issue. For more information see CPAI-2011-334.
Originally Published:
Last Updated: 12-Jul-2011