Unrated severityNVD Advisory· Published Apr 14, 2010· Updated Apr 29, 2026

CVE-2010-0254

Description

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."

Affected products

Microsoft/Visio4 versions
cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/cas/techalerts/TA10-103A.htmlnvdUS Government Resource
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.016
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000