1. CVE-Search
  2. CVE-2010-3333
ID CVE-2010-3333
Summary Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2008:*:*:*:*:macos:*:*
    cpe:2.3:a:microsoft:office:2008:*:*:*:*:macos:*:*
  • cpe:2.3:a:microsoft:open_xml_file_format_converter:-:*:*:*:*:macos:*:*
    cpe:2.3:a:microsoft:open_xml_file_format_converter:-:*:*:*:*:macos:*:*
  • cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*
    cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*
  • cpe:2.3:a:microsoft:office:2011:*:*:*:*:macos:*:*
    cpe:2.3:a:microsoft:office:2011:*:*:*:*:macos:*:*
CVSS
Base: 9.3 (as of 16-07-2024 - 17:38)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS10-087
bulletin_url
date 2010-11-09T00:00:00
impact Remote Code Execution
knowledgebase_id 2423930
knowledgebase_url
severity Critical
title Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
oval via4
accepted 2014-06-09T04:00:10.662-04:00
class vulnerability
contributors
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Office XP is installed
    oval oval:org.mitre.oval:def:663
  • comment Microsoft Office 2003 SP3 is installed
    oval oval:org.mitre.oval:def:15626
  • comment Microsoft Office 2007 SP2 is installed
    oval oval:org.mitre.oval:def:15607
  • comment Microsoft Office 2010 is installed
    oval oval:org.mitre.oval:def:12061
description Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
family windows
id oval:org.mitre.oval:def:11931
status accepted
submitted 2010-03-09T13:00:00
title RTF Stack Buffer Overflow Vulnerability
version 25
refmap via4
bid 44652
cert TA10-313A
idefense 20101109 Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability
sectrack 1024705
secunia
  • 38521
  • 42144
sreason 8293
vupen ADV-2010-2923
saint via4
bid 44652
description Microsoft Office RTF pFragments Property Stack Buffer Overflow
id win_patch_office2002,win_patch_office2003,win_patch_office2007
osvdb 69085
title ms_office_rtf_pfragments_property
type client
Last major update 16-07-2024 - 17:38
Published 10-11-2010 - 03:00
Last modified 16-07-2024 - 17:38
Back to Top