Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Microsoft Office Visio, which allow a remote attacker to compromise a system through a malicious document.
Remote Code Execution.
For a list of affected software, please refer to the Microsoft Security Bulletin reference below.
Two memory corruption vulnerabilities were discovered in Microsoft Office Visio, each of which is highlighted below:
- Memory corruption in "vislib.dll" (CVE-2010-0254)
- Memory corruption in "vislib.dll" (CVE-2010-0256)
- Users should apply the solution provided by Microsoft.
- "MS.Visio.Attribute.Memory.Corruption", previously released as "FG-VD-09-006-Microsoft" (CVE-2010-0254).
- "MS.Visio.objectID.Memory.Corruption", previously released as "FG-VD-09-005-Microsoft" (CVE-2010-0256).
- Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms10-028.mspx
- CVE ID: CVE-2010-0254
- CVE ID: CVE-2010-0256
- Bing Liu of Fortinet's FortiGuard Labs.