CVE-2010-1681

Microsoft Visio - Memory Corruption

Title source: rule

Description

Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.

Exploits (3)

metasploit WORKING POC GOOD

by Unknown · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/visio_dxf_bof.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Abysssec · pythonlocalwindows

https://www.exploit-db.com/exploits/14944

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/17451

View Code ZIP pw:eip

References (5)

[Various Sources] http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow

[Patch] http://www.securityfocus.com/bid/39836

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1023938

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/511121/100/0/threaded

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/14944

Scores

EPSS 0.7908

EPSS Percentile 99.0%

Classification

CWE

CWE-119

Status draft

Affected Products (4)

microsoft/visio

Timeline

Published May 06, 2010

Tracked Since Feb 18, 2026