----------------------------------------------------------------------


  Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
Microsoft Office Visio Two Memory Corruption Vulnerabilities

SECUNIA ADVISORY ID:
SA39381

VERIFY ADVISORY:
http://secunia.com/advisories/39381/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Visio, which can
be exploited by malicious people to compromise a user's system.

1) An error in the validation of certain attributes can be exploited
to corrupt memory.

2) An error when calculating certain indexes can be exploited to
corrupt memory.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code by tricking a user into opening a specially crafted
Visio file.

SOLUTION:
Apply patches.

Microsoft Office Visio 2002 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=2d563cbc-d8f7-486b-8c54-25d168085376

Microsoft Office Visio 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=803a7ea0-a9da-46dd-9548-0177d3774be7

Microsoft Office Visio 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=56fe020f-4444-4a43-aa98-e99a622f6a69

Microsoft Office Visio 2007 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=56fe020f-4444-4a43-aa98-e99a622f6a69

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Bing Liu, Fortinet's FortiGuard Labs.

ORIGINAL ADVISORY:
MS10-028 (KB980094, KB979356, KB979364, KB979365)
http://www.microsoft.com/technet/security/bulletin/MS10-028.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------