Executive Risk Summary
"A local privilege escalation vulnerability exists in Microsoft Visio due to the mishandling of library loading, allowing a crafted application to gain elevated privileges. This vulnerability affects various versions of Microsoft Visio, including Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, and Visio 2016."
Anticipated Attack Path
- 1. Exploitation of the DLL side loading vulnerability
- 2. Execution of malicious code with elevated privileges
- 3. Potential lateral movement and further exploitation of the compromised system
Am I Vulnerable?
- Verify the version of Microsoft Visio installed
- Check for the presence of the vulnerable DLLs
- Apply the patch from Microsoft as outlined in MS16-070
Operational Audit Arsenal
Target Type Executable
Target Asset visio.exe
Standard Path C:\Program Files\Microsoft Office\Visio
PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: visio.exe (Executable)
$Targets = 'visio.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}Patch Impact Forecast
Reboot Required Likely
Minimal, but may require restarting the Visio application
Internal Work Notes
Microsoft Visio DLL side loading vulnerability (CVE-2016-3235) - apply MS16-070 patch to prevent local privilege escalation
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Official Advisoryhttp://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html
Official Advisoryhttp://seclists.org/fulldisclosure/2016/Jun/32
Official Advisoryhttp://www.securityfocus.com/archive/1/538685/100/0/threaded
Official Advisoryhttp://www.securitytracker.com/id/1036093
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070
Official Advisoryhttps://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html
Official Advisoryhttp://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html
Official Advisoryhttp://seclists.org/fulldisclosure/2016/Jun/32
Official Advisoryhttp://www.securityfocus.com/archive/1/538685/100/0/threaded
Official Advisoryhttp://www.securitytracker.com/id/1036093
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070
Official Advisoryhttps://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235
Related Microsoft Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.