Visio
by Microsoft
CVEs (60)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-5574 | 0.02 | — | 0.24 | Dec 31, 2006 | Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly… | |||
| CVE-2004-0848 | 0.02 | — | 0.27 | Feb 8, 2005 | Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. | |||
| CVE-2021-38654 | 0.01 | — | 0.05 | Sep 15, 2021 | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2015-2503 | 0.01 | — | 0.17 | Nov 11, 2015 | Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2,… | |||
| CVE-2013-1301 | 0.01 | — | 0.17 | May 15, 2013 | Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability." | |||
| CVE-2010-0256 | 0.01 | — | 0.18 | Apr 14, 2010 | Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability." | |||
| CVE-2010-0254 | 0.01 | — | 0.18 | Apr 14, 2010 | Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability." | |||
| CVE-2006-3877 | 0.01 | — | 0.12 | Oct 10, 2006 | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435,… | |||
| CVE-2025-59226 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-54907 | 0.00 | — | 0.00 | Sep 9, 2025 | Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-53734 | 0.00 | — | 0.00 | Aug 12, 2025 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-21356 | 0.00 | — | 0.01 | Jan 14, 2025 | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2025-21345 | 0.00 | — | 0.01 | Jan 14, 2025 | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2024-38016 | 0.00 | — | 0.01 | Sep 19, 2024 | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2023-35372 | 0.00 | — | 0.01 | Aug 8, 2023 | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2023-36866 | 0.00 | — | 0.01 | Aug 8, 2023 | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2023-36865 | 0.00 | — | 0.01 | Aug 8, 2023 | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2022-38010 | 0.00 | — | 0.01 | Sep 13, 2022 | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2021-40480 | 0.00 | — | 0.05 | Oct 13, 2021 | Microsoft Office Visio Remote Code Execution Vulnerability | |||
| CVE-2021-27055 | 0.00 | — | 0.02 | Mar 11, 2021 | Microsoft Visio Security Feature Bypass Vulnerability |
- CVE-2006-5574Dec 31, 2006risk 0.02cvss —epss 0.24
Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly…
- CVE-2004-0848Feb 8, 2005risk 0.02cvss —epss 0.27
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
- CVE-2021-38654Sep 15, 2021risk 0.01cvss —epss 0.05
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2015-2503Nov 11, 2015risk 0.01cvss —epss 0.17
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2,…
- CVE-2013-1301May 15, 2013risk 0.01cvss —epss 0.17
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
- CVE-2010-0256Apr 14, 2010risk 0.01cvss —epss 0.18
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
- CVE-2010-0254Apr 14, 2010risk 0.01cvss —epss 0.18
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
- CVE-2006-3877Oct 10, 2006risk 0.01cvss —epss 0.12
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435,…
- CVE-2025-59226Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
- CVE-2025-54907Sep 9, 2025risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
- CVE-2025-53734Aug 12, 2025risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
- CVE-2025-21356Jan 14, 2025risk 0.00cvss —epss 0.01
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2025-21345Jan 14, 2025risk 0.00cvss —epss 0.01
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2024-38016Sep 19, 2024risk 0.00cvss —epss 0.01
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2023-35372Aug 8, 2023risk 0.00cvss —epss 0.01
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2023-36866Aug 8, 2023risk 0.00cvss —epss 0.01
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2023-36865Aug 8, 2023risk 0.00cvss —epss 0.01
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2022-38010Sep 13, 2022risk 0.00cvss —epss 0.01
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2021-40480Oct 13, 2021risk 0.00cvss —epss 0.05
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2021-27055Mar 11, 2021risk 0.00cvss —epss 0.02
Microsoft Visio Security Feature Bypass Vulnerability
Page 3 of 3