Summary:

Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Microsoft Office Visio, which allow a remote attacker to compromise a system through a malicious document.

Impact:

Remote Code Execution.

Risk:

High.

Affected Software:

For a list of affected software, please refer to the Microsoft Security Bulletin reference below.

Additional Information:

Two memory corruption vulnerabilities were discovered in Microsoft Office Visio, each of which is highlighted below:
  • Memory corruption in "vislib.dll" (CVE-2010-0254)
  • Memory corruption in "vislib.dll" (CVE-2010-0256)

The vulnerabilities are triggered when opening and rendering a Visio file. A remote attacker could craft a malicious document that exploits either of these vulnerabilities, allowing them to compromise a system.

Solutions:

FortiGuard Labs released the following signatures to protect against these vulnerabilities:
  • "MS.Visio.Attribute.Memory.Corruption", previously released as "FG-VD-09-006-Microsoft" (CVE-2010-0254).
  • "MS.Visio.objectID.Memory.Corruption", previously released as "FG-VD-09-005-Microsoft" (CVE-2010-0256).

References:

Acknowledgment:
  • Bing Liu of Fortinet's FortiGuard Labs.