CVE-2010-3334

2010-11-1003:00:02

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-3334

microsoft office

remote code execution

memory corruption

nvd

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.954 High

EPSS

Percentile

99.4%

JSON

Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka “Office Art Drawing Records Vulnerability.”

Affected configurations

NVD

Node

microsoftofficeMatch2003sp3

microsoftofficeMatch2004mac

microsoftofficeMatch2007sp2

microsoftofficeMatch2008mac

microsoftofficeMatch2010

microsoftofficeMatch2011mac

microsoftofficeMatchxpsp3

microsoftopen_xml_file_format_convertermac

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2003
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2010
microsoft:officemicrosoft officeeq2011
microsoft:officemicrosoft officeeqxp
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2003
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2010
microsoft:office	microsoft office	eq	2011
microsoft:office	microsoft office	eq	xp
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*