CVE-2012-0020

Microsoft Visio Viewer 2010 Gold and SP1 - Remote Code Execution via Crafted VSD File Attributes

Title source: llm
STIX 2.1

Description

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.

References (3)

Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-045A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14965

Scores

EPSS 0.2029
EPSS Percentile 97.2%

Details

CWE
CWE-94
Status published
Products (1)
microsoft/visio_viewer 2010 (2 CPE variants)
Published Feb 14, 2012
Tracked Since Feb 18, 2026