Lucene search

[email protected]CVE-2010-2747

HistoryOct 13, 2010 - 7:00 p.m.

CVE-2010-2747

2010-10-1319:00:44

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-2747

microsoft word

office 2004

mac

remote code execution

memory corruption

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.809 High

EPSS

Percentile

98.3%

JSON

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka “Word Uninitialized Pointer Vulnerability.”

Affected configurations

NVD

Node

microsoftofficeMatch2004mac

microsoftwordMatch2002sp3

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2004
microsoft:wordmicrosoft wordeq2002

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2004
microsoft:word	microsoft word	eq	2002

References

www.securityfocus.com/archive/1/514310/100/0/threaded

www.us-cert.gov/cas/techalerts/TA10-285A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7121

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.809 High

EPSS

Percentile

98.3%

JSON

Related for CVE-2010-2747

symantec1 securityvulns3 prion1 cvelist1 nvd1 seebug1 openvas2 nessus1 mskb1