module
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
| Disclosed | Created |
|---|---|
| 2010-05-04 | 2018-05-30 |
Disclosed
2010-05-04
Created
2018-05-30
Description
This module exploits a stack based overflow vulnerability in the handling
of the DXF files by Microsoft Visio 2002. Revisions prior to the release of
the MS bulletin MS10-028 are vulnerable. The overflow occurs when the application
is used to import a specially crafted DXF file, while parsing the HEADER section
of the DXF file.
To trigger the vulnerability an attacker must convince someone to insert a
specially crafted DXF file to a new document, go to 'Insert' -> 'CAD Drawing'
of the DXF files by Microsoft Visio 2002. Revisions prior to the release of
the MS bulletin MS10-028 are vulnerable. The overflow occurs when the application
is used to import a specially crafted DXF file, while parsing the HEADER section
of the DXF file.
To trigger the vulnerability an attacker must convince someone to insert a
specially crafted DXF file to a new document, go to 'Insert' -> 'CAD Drawing'
Authors
Unknown
Shahin Ramezany shahin@abysssec.com
juan vazquez juan.vazquez@metasploit.com
Shahin Ramezany shahin@abysssec.com
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.