Every CVE whose affected-product data names Microsoft Visio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (54)
CVE-2003-0347 — CVSS 10.0 (critical): Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote…
CVE-2004-0200 — CVSS 9.3 (critical): Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows…
CVE-2008-1090 — CVSS 9.3 (critical): Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to…
CVE-2008-3012 — CVSS 9.3 (critical): gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008…
CVE-2008-3013 — CVSS 9.3 (critical): gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008…
CVE-2008-3014 — CVSS 9.3 (critical): Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold…
CVE-2008-3015 — CVSS 9.3 (critical): Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1…
CVE-2009-0095 — CVSS 9.3 (critical): Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote…
CVE-2009-0096 — CVSS 9.3 (critical): Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows…
CVE-2009-0097 — CVSS 9.3 (critical): Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to…
CVE-2009-2500 — CVSS 9.3 (critical): Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2009-2501 — CVSS 9.3 (critical): Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007…
CVE-2009-2503 — CVSS 9.3 (critical): GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2009-2504 — CVSS 9.3 (critical): Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2…
CVE-2009-2528 — CVSS 9.3 (critical): GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to…
CVE-2009-3126 — CVSS 9.3 (critical): Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2010-3148 — CVSS 9.3 (critical): Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file…
CVE-2011-0092 — CVSS 9.3 (critical): The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to…
CVE-2011-0093 — CVSS 9.3 (critical): ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file…
CVE-2011-1972 — CVSS 9.3 (critical): Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which…
CVE-2011-1979 — CVSS 9.3 (critical): Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers…
CVE-2012-1888 — CVSS 9.3 (critical): Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio…
CVE-2013-0079 — CVSS 9.3 (critical): Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory…
CVE-2015-2557 — CVSS 9.3 (critical): Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an…
CVE-2006-3864 — CVSS 9.3 (critical): Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote…
CVE-2006-3877 — CVSS 9.3 (critical): Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac…
CVE-2006-5574 — CVSS 9.3 (critical): Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office…
CVE-2007-0934 — CVSS 9.3 (critical): Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS…
CVE-2007-0936 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio…
CVE-2007-5348 — CVSS 9.3 (critical): Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server…
CVE-2008-1089 — CVSS 9.3 (critical): Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to…
CVE-2020-0760 — CVSS 8.8 (high): A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote…
CVE-2009-2502 — CVSS 8.1 (high): Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office…
CVE-2010-0254 — CVSS 7.6 (high): Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote…
CVE-2010-0256 — CVSS 7.6 (high): Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio…
CVE-2010-1681 — CVSS 7.6 (high): Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary…
CVE-2004-0848 — CVSS 7.5 (high): Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing…
CVE-2005-2127 — CVSS 7.5 (high): Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute…
CVE-2013-1301 — CVSS 4.3 (medium): Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external…
CVE-2015-2423 — CVSS 4.3 (medium): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…