HTTP: Microsoft Office Visio VSD File Icon Bits Memory Corruption
This signature detects attempts to exploit a known remote code-execution vulnerability in Microsoft Visio. It is due to incorrect handling of the Icon Bits in a crafted Microsoft Visio file. A remote attacker can exploit this by enticing the target user to open a malicious Microsoft Visio file, potentially causing arbitrary code to be injected and executed on the target. In a successful attack, the behavior of the target depends on the intention of the attacker. Any code injected is executed within the security context of the currently logged in user. In an unsuccessful code execution attack, Microsoft Visio terminates resulting in the loss of any unsaved data from the current session.
Extended Description
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to run arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
Microsoft visio_2003
Short Name
HTTP:STC:DL:VISIO-VSD-ICON
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Bits CVE-2009-0095 Corruption File Icon Memory Microsoft Office VSD Visio bid:33659
Release Date
10/25/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3