CVE-2022-24509 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2007-1202 Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24505.
CVE-2006-5195 Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467.
In addition to the vulnerabilities mentioned above, it is also important to note that Microsoft Office Visio versions before version 10.0.8143 have a cross-site scripting (XSS) vulnerability that can be exploited over HTTP when a user browses a maliciously crafted website.
This vulnerability was reported to Microsoft on May 11, 2006 and it affects all Office Visio versions before 10.0.8143. This vulnerability is rated Critical because it may be used to compromise a user’s system.
The security update to address this vulnerability is Office XP SP3, Office 2003 SP3, Office XP for Business, Office 2000 SP3, Office 2000 for Windows 2000, Office 2000 for Windows NT, Office 2001 for Windows NT, Office XP for Mac, Office 2003 for Mac, Office XP for Windows, Office 2000 for Windows 95, Office 97, Office 98, Office 2000 for Windows 98, Office 2000 for Windows 98 Second Edition, Office 2000 for Windows 95, Office 97, Office 98, Office 2000 for Windows 2000, Office 2000 for Windows NT, Microsoft Office Visio 2002 SP3, Microsoft Office Visio 2003 SP3, Microsoft Office Visio 2002,
Microsoft Word CVE-2006-5196
Office 2000 SP3, Office 2000 for Windows 2000, Microsoft Office Visio 2002 SP3, Microsoft Office Visio 2003 SP3, Microsoft Office Visio 2002,
CVE-2007-1202 Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24505.
CVE-2022-24509 Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24505.
Microsoft Word 2006 SP2: Cross Site Scripting (XSS) vulnerability in a font file can be exploited over HTTP when a user browses a maliciously crafted website. To exploit this vulnerability, the user must visit a malicious web site that contains a specially crafted font file and trigger the vulnerability by viewing the site content. The vulnerability exists because all of the vulnerable versions of Word use improper sanitization routines to prevent cross site scripting attacks.
The security update to address this vulnerability is Word 2003 SP2, Word 2007 SP1, Word 2003 for Mac, and Word 2007 for Mac.
Microsoft Office Web Apps and SharePoint Server Software
In order for a user to exploit this vulnerability, the user must have access to a Microsoft Office Web Apps site and be able to interact with the SharePoint Website object.
This vulnerability is rated Critical because it may be used to compromise a user’s system.
The security update to address this vulnerability is Office XP SP3, Office 2003 SP3, Office XP for Business, Office 2000 SP3, Office 2000 for Windows 2000, Office 2000 for Windows NT, Microsoft Office Visio 2002 SP3, Microsoft Office Visio 2003 SP3.
Microsoft Office Macro Vulnerability
Microsoft Office Visio has a macro vulnerability that can be exploited over HTTP when a user browses a maliciously crafted website. This vulnerability was reported to Microsoft on May 11, 2006 and it affects all Office Visio versions before 10.0.8143. This vulnerability is rated Important because it may be used to compromise a system or disclose information that the attacker did not intend to reveal.
The security update to address this vulnerability is Office XP SP3, Office 2003 SP3, Office XP for Business, Office 2000 SP3, Office 2000 for Windows 2000, Office 2000 for Windows NT, Office 2001 for Windows NT, Office XP for Mac, Office 2003 for Mac, Microsoft Office Visio 2002 SP3, Microsoft Office Visio 2003 SP3 and Microsoft Word 2002 SP2.
Timeline
Published on: 03/09/2022 17:15:00 UTC
Last modified on: 03/16/2022 00:24:00 UTC