module
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
| Disclosed | Created |
|---|---|
| May 4, 2010 | May 30, 2018 |
Disclosed
May 4, 2010
Created
May 30, 2018
Description
This module exploits a stack based overflow vulnerability in the handling
of the DXF files by Microsoft Visio 2002. Revisions prior to the release of
the MS bulletin MS10-028 are vulnerable. The overflow occurs when the application
is used to import a specially crafted DXF file, while parsing the HEADER section
of the DXF file.
To trigger the vulnerability an attacker must convince someone to insert a
specially crafted DXF file to a new document, go to 'Insert' -> 'CAD Drawing'
of the DXF files by Microsoft Visio 2002. Revisions prior to the release of
the MS bulletin MS10-028 are vulnerable. The overflow occurs when the application
is used to import a specially crafted DXF file, while parsing the HEADER section
of the DXF file.
To trigger the vulnerability an attacker must convince someone to insert a
specially crafted DXF file to a new document, go to 'Insert' -> 'CAD Drawing'
Authors
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.