Test ID:	1.3.6.1.4.1.25623.1.0.807842
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Visio Remote Code Execution Vulnerability (3163610)
Summary:	This host is missing an important security; update according to Microsoft Bulletin MS16-070
Description:	Summary: This host is missing an important security update according to Microsoft Bulletin MS16-070 Vulnerability Insight: The flaw exists due to error within Office software when Windows improperly validates input before loading libraries. Vulnerability Impact: Successful exploitation will allow remote attackers to run arbitrary code in the context of the current user and to perform actions in the security context of the current user. Affected Software/OS: - Microsoft Visio 2007 - Microsoft Visio 2010 - Microsoft Visio 2013 - Microsoft Visio 2016 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3235 Bugtraq: 20160615 Microsoft Visio multiple DLL side loading vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/538685/100/0/threaded http://seclists.org/fulldisclosure/2016/Jun/32 http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html Microsoft Security Bulletin: MS16-070 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 http://www.securitytracker.com/id/1036093
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.