Vulnerability CVE-2010-3333


Published: 2010-11-09   Modified: 2012-02-13

Description:
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."

See advisories in our WLB2 database:
Topic
Author
Date
High
MS Office 2010 RTF Header Stack Overflow Vulnerability Exploit
Snake
04.07.2011

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microsoft -> Office 
Microsoft -> Open xml file format converter 

 References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=880
http://securityreason.com/securityalert/8293
http://www.securityfocus.com/bid/44652
http://www.securitytracker.com/id?1024705
http://www.us-cert.gov/cas/techalerts/TA10-313A.html
http://www.vupen.com/english/advisories/2010/2923
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11931

Copyright 2024, cxsecurity.com

 

Back to Top