CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.9%
Added: 08/12/2010
CVE: CVE-2010-1901
BID: 42132
OSVDB: 66995
Microsoft Office Word is Microsoftβs word processing software, released as a component of Microsoft Office suite.
Microsoft Office Word does not perform sufficient data validation when handling rich text data. When Word opens and parses a specially crafted RTF e-mail message or file, it may corrupt memory in such a way that an attacker could execute arbitrary code.
Install the patch referenced in Microsoft Security Bulletin 10-056.
<http://www.microsoft.com/technet/security/bulletin/MS10-056.mspx>
Exploit works on Microsoft Office Word 2003 SP3.
This exploit requires the Compress-Zlib PERL module from CPAN.
This exploit is not 100% reliable since the exploit script relies on a heap memory address that is not always fixed.
Windows