T-656: Microsoft Office Visio DXF File Handling Arbitrary Code Execution Vulnerability

June 28, 2011 - 3:42pm

PROBLEM:

Functional code that demonstrates an exploit of the Microsoft Office Visio DXF file handling arbitrary code execution vulnerability is publicly available.

PLATFORM:

Microsoft Office Visio 2002 SP2 and prior
Microsoft Office Visio 2003 SP3 and prior
Microsoft Office Visio 2007 SP2 and prior

ABSTRACT:

Microsoft Office Visio contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

REFERENCE LINKS:

IntelliShield ID: 20432
Original Release: S516
CVE-2010-1681

IMPACT ASSESSMENT:

High

Discussion:

The vulnerability exists because the affected software does not perform sufficient boundary checks on user-supplied input while processing Visio files that contain embedded Drawing Exchange Format (DXF) files. An unauthenticated, remote attacker could exploit this vulnerability by enticing a user to view a crafted Visio file with embedded DXF content. If successful, the attacker could execute arbitrary code on the system with the privileges of the user.
An unauthenticated, remote attacker could exploit this vulnerability by convincing a targeted user to view a malicious Visio file that contains a crafted DXF file. Using the affected software to process the malformed file could cause a buffer overflow condition that corrupts system memory. An attacker could leverage the memory corruption to execute arbitrary code with the privileges of the user.

Impact:

Functional code that demonstrates an exploit of this vulnerability is publicly available.

To exploit the vulnerability, the attacker may provide a file to the user and persuade the user to open or execute the file by using misleading language or instructions.
If the user holds elevated privileges, the attacker could execute code that results in a full system compromise. However, if the user runs applications with limited privileges, code that is executed as the result of an exploit would run in a restricted security context, limiting the overall impact.

Solution:

Microsoft has not explicitly confirmed the vulnerability. However, reports indicate that the issue was corrected as part of the MS10-028 update.
Administrators are advised to contact the vendor regarding future updates and releases.
Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.
Administrators are advised to monitor affected systems.
Software updates are not available.

Microsoft security updates for June 2011
 
