CVE-2023-35372 in Office
Summary
by MITRE • 08/08/2023
Microsoft Office Visio Remote Code Execution Vulnerability
Analysis
by VulDB Data Team • 06/06/2026
Microsoft Office Visio contains a remote code execution vulnerability that arises from improper handling of specially crafted Visio files during the rendering process. This flaw exists in the way Visio processes certain file formats and can be exploited by attackers who craft malicious Visio documents designed to trigger buffer overflows or memory corruption conditions. The vulnerability specifically affects Visio versions that fail to properly validate input data when parsing Visio files, allowing attackers to execute arbitrary code on targeted systems with the privileges of the logged-on user.
The technical mechanism behind this vulnerability involves the manipulation of Visio file structures that contain embedded objects or graphical elements which are processed without adequate bounds checking. When a user opens a maliciously crafted Visio file, the application attempts to render these elements and encounters malformed data that causes memory corruption. This memory corruption can be leveraged to overwrite critical memory locations and redirect execution flow to attacker-controlled code. The vulnerability is classified as a buffer overflow condition that occurs during file parsing operations and can be triggered through various file format elements including shapes, connections, or embedded data streams.
The operational impact of this vulnerability extends beyond simple code execution as it can lead to complete system compromise when exploited in the wild. Attackers can leverage this vulnerability to deploy malware, establish persistent backdoors, or escalate privileges within the targeted environment. The attack surface is particularly broad since Visio files can be delivered through various channels including email attachments, web downloads, or network shares. Once executed, the malicious code can access sensitive data, modify system configurations, or provide attackers with remote access capabilities that persist across system reboots.
Organizations using Microsoft Office Visio should implement immediate mitigations to reduce the risk of exploitation. The primary recommendation involves applying Microsoft security patches and updates that address the specific buffer overflow conditions in Visio file processing. Additionally, implementing strict file validation policies can help prevent the opening of untrusted Visio files, while network segmentation and application whitelisting can limit the potential damage from successful exploitation attempts. Security teams should also consider deploying intrusion detection systems that monitor for suspicious Visio file access patterns and ensure that users receive regular security training about identifying and avoiding potentially malicious documents.
This vulnerability aligns with CWE-121 and CWE-125 categories related to buffer overflow conditions and improper input validation, and represents a significant risk under the ATT&CK framework's initial access and execution phases where adversaries seek to establish footholds within target environments through file-based attacks.