[security-alerts] FW: [SA25619] Microsoft Visio Two Code Execution Vulnerabilities

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> Microsoft Visio Two Code Execution Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA25619
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/25619/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Visio 2003
> http://secunia.com/product/1092/
> Microsoft Visio 2002
> http://secunia.com/product/1091/
> 
> DESCRIPTION:
> Two vulnerabilities have been reported in Microsoft Visio, which can
> be exploited by malicious people to compromise a user's system.
> 
> 1) An input validation error in the handling of the version number
> field in a Visio (.VSD, VSS, or .VST) file can be exploited to
> corrupt memory via a specially crafted Visio file.
> 
> 2) An error in the handling of packed objects in a Visio file can be
> exploited to corrupt memory via a specially crafted Visio file.
> 
> Successful exploitation of the vulnerabilities allows execution of
> arbitrary code.
> 
> SOLUTION:
> Apply patches.
> 
> Microsoft Visio 2002 SP2:
> http://www.microsoft.com/downloads/details/aspx?FamilyId=FC1D0
> 483-27E8-4541-B81D-4A47973BEA30
> 
> Microsoft Visio 2003 SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=C47F4
> 32E-8538-42FD-92C9-7E0F1D643E8E
> 
> PROVIDED AND/OR DISCOVERED BY:
> 1) Reported the vendor.
> 2) The vendor credits Chris Ries, Vigilant Minds.
> 
> ORIGINAL ADVISORY:
> MS07-030 (KB927051):
> http://www.microsoft.com/technet/security/Bulletin/MS07-030.mspx
> 
>