Microsoft Visio

Do you want an email whenever new security vulnerabilities are reported in Microsoft Visio?

Recent Microsoft Visio Security Advisories

Advisory	Title	Published
CVE-2023-21737	Microsoft Office Visio Remote Code Execution Vulnerability	January 10, 2023
CVE-2023-21736	Microsoft Office Visio Remote Code Execution Vulnerability	January 10, 2023
CVE-2023-21738	Microsoft Office Visio Remote Code Execution Vulnerability	January 10, 2023
CVE-2023-21741	Microsoft Office Visio Information Disclosure Vulnerability	January 10, 2023
CVE-2022-44696	Microsoft Office Visio Remote Code Execution Vulnerability	December 13, 2022
CVE-2022-44695	Microsoft Office Visio Remote Code Execution Vulnerability	December 13, 2022
CVE-2022-44694	Microsoft Office Visio Remote Code Execution Vulnerability	December 13, 2022
CVE-2022-38010	Microsoft Office Visio Remote Code Execution Vulnerability	September 13, 2022
CVE-2022-37963	Microsoft Office Visio Remote Code Execution Vulnerability	September 13, 2022
CVE-2022-24509	Microsoft Office Visio Remote Code Execution Vulnerability	March 8, 2022

By the Year

In 2023 there have been 3 vulnerabilities in Microsoft Visio with an average score of 7.6 out of ten. Last year Visio had 2 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 0.23

Year	Vulnerabilities	Average Score
2023	3	7.57
2022	2	7.80
2021	1	7.00
2020	1	8.80
2019	0	0.00
2018	0	0.00

It may take a day or so for new Visio vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Visio Security Vulnerabilities

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-21736 7.8 - High - January 10, 2023

Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21737, CVE-2023-21738.

Microsoft Office Visio Information Disclosure Vulnerability.

CVE-2023-21741 7.1 - High - January 10, 2023

Microsoft Office Visio Information Disclosure Vulnerability.

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-21737 7.8 - High - January 10, 2023

Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21736, CVE-2023-21738.

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2022-44695 7.8 - High - December 13, 2022

Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2022-38010 7.8 - High - September 13, 2022

Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37963.

Microsoft Visio Security Feature Bypass Vulnerability

CVE-2021-27055 7 - High - March 11, 2021

Microsoft Visio Security Feature Bypass Vulnerability

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries

CVE-2020-0760 8.8 - High - April 15, 2020

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

Improper Input Validation

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0

CVE-2008-3013 - September 11, 2008

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."

Resource Management Errors

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Works or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Visio
Product

Microsoft Visio

Recent Microsoft Visio Security Advisories

By the Year

Recent Microsoft Visio Security Vulnerabilities

Microsoft Office Visio Remote Code Execution Vulnerability CVE-2023-21736 7.8 - High - January 10, 2023

Microsoft Office Visio Information Disclosure Vulnerability. CVE-2023-21741 7.1 - High - January 10, 2023

Microsoft Office Visio Remote Code Execution Vulnerability CVE-2023-21737 7.8 - High - January 10, 2023

Microsoft Office Visio Remote Code Execution Vulnerability CVE-2022-44695 7.8 - High - December 13, 2022

Microsoft Office Visio Remote Code Execution Vulnerability CVE-2022-38010 7.8 - High - September 13, 2022

Microsoft Visio Security Feature Bypass Vulnerability CVE-2021-27055 7 - High - March 11, 2021

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries CVE-2020-0760 8.8 - High - April 15, 2020