RCE in Microsoft Visio

CVE-2010-0256

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calcu…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.205 (95.7th percentile) — read the EPSS interpretation.

Affected products

Microsoft Visio — versions 2007, 2003, 2002
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

TA10-103A (US Government Resource, x_refsource_CERT, third-party-advisory)
MS10-028 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:6732 (signature, x_refsource_OVAL, vdb-entry)