CVE-2010-3950

2010-12-1619:33:02

CWE-119

microsoft

web.nvd.nist.gov

microsoft

office

tiff

image converter

memory corruption

vulnerability

cve-2010-3950

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.899

Percentile

98.9%

JSON

The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka “TIFF Image Converter Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftofficeMatchxpsp3

microsoftoffice_converter_pack

microsoftworksMatch9.0

VendorProductVersionCPE
microsoftofficexpcpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
microsoftoffice_converter_pack*cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*
microsoftworks9.0cpe:2.3:a:microsoft:works:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	xp	cpe:2.3:a:microsoft:office:xp:sp3::::::
microsoft	office_converter_pack	*	cpe:2.3:a:microsoft:office_converter_pack::::::::
microsoft	works	9.0	cpe:2.3:a:microsoft:works:9.0:::::::*