Summary:

Three memory corruption vulnerabilities lie in Microsoft Office Visio 2003, which allow a remote attacker to compromise a system through a malicious document.

Impact:

Remote code execution.

Risk:

• Critical

Affected Software:

For a list of operating systems and product versions affected, please see the Microsoft Security Bulletin reference below.

Solutions:

• Use the solution provided by Microsoft (MS09-005).

References:

• Microsoft Bulletin: http://www.microsoft.com/technet/security/bulletin/ms09-005.mspx
• CVE ID: CVE-2009-0095
• CVE ID: CVE-2009-0096
• CVE ID: CVE-2009-0097

Acknowledgement:

• Bing Liu of Fortinet's FortiGuard Global Security Research Team