CVE-2010-3221

2010-10-1319:00:44

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-3221

microsoft word

word viewer

office 2004 for mac

parsing vulnerability

memory corruption

remote code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.883 High

EPSS

Percentile

98.7%

JSON

Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka “Word Parsing Vulnerability.”

Affected configurations

NVD

Node

microsoftofficeMatch2004mac

microsoftwordMatch2002sp3

microsoftwordMatch2003sp3

microsoftword_viewer

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2004
microsoft:wordmicrosoft wordeq2002
microsoft:wordmicrosoft wordeq2003
microsoft:word_viewermicrosoft word viewereq*

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2004
microsoft:word	microsoft word	eq	2002
microsoft:word	microsoft word	eq	2003
microsoft:word_viewer	microsoft word viewer	eq	*