cvelistv5 - CVE-2010-3334

CVE-2010-3334 (GCVE-0-2010-3334)

Vulnerability from cvelistv5 – Published: 2010-11-10 01:00 – Updated: 2024-08-07 03:03

Summary

Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id?1024705	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/42144	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/514699/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/38521	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/2923	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/44656	vdb-entryx_refsource_BID
	http://secunia.com/secunia_research/2010-4/	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA10-313A.html	third-party-advisoryx_refsource_CERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:03:19.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1024705",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024705"
          },
          {
            "name": "oval:org.mitre.oval:def:11439",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439"
          },
          {
            "name": "42144",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42144"
          },
          {
            "name": "20101109 Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514699/100/0/threaded"
          },
          {
            "name": "38521",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38521"
          },
          {
            "name": "ADV-2010-2923",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2923"
          },
          {
            "name": "44656",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44656"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2010-4/"
          },
          {
            "name": "MS10-087",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
          },
          {
            "name": "TA10-313A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1024705",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024705"
        },
        {
          "name": "oval:org.mitre.oval:def:11439",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439"
        },
        {
          "name": "42144",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42144"
        },
        {
          "name": "20101109 Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514699/100/0/threaded"
        },
        {
          "name": "38521",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38521"
        },
        {
          "name": "ADV-2010-2923",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2923"
        },
        {
          "name": "44656",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44656"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2010-4/"
        },
        {
          "name": "MS10-087",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
        },
        {
          "name": "TA10-313A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3334",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1024705",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024705"
            },
            {
              "name": "oval:org.mitre.oval:def:11439",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439"
            },
            {
              "name": "42144",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42144"
            },
            {
              "name": "20101109 Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/514699/100/0/threaded"
            },
            {
              "name": "38521",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38521"
            },
            {
              "name": "ADV-2010-2923",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2923"
            },
            {
              "name": "44656",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44656"
            },
            {
              "name": "http://secunia.com/secunia_research/2010-4/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2010-4/"
            },
            {
              "name": "MS10-087",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
            },
            {
              "name": "TA10-313A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-3334",
    "datePublished": "2010-11-10T01:00:00",
    "dateReserved": "2010-09-14T00:00:00",
    "dateUpdated": "2024-08-07T03:03:19.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"08AF794A-435D-4171-9DBB-EB7FAED96DBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"5BA91840-371C-4282-9F7F-B393F785D260\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F68DBEC-7A95-43B4-9174-79F89FC93BC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"0D84FC39-29AA-4EF2-ACE7-E72635126F2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"79BA1175-7F02-4435-AEA6-1BA8AADEB7EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"3807A4E4-EB58-47B6-AD98-6ED464DEBA4E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \\\"Office Art Drawing Records Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 y 2008 para Mac, Office para Mac 2011 y Open XML File Format Converter para Mac, permiten a los atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de un documento de Office que contiene un registro Office Art Drawing con registros msofbtSp especialmente dise\\u00f1ados y flags no especificados, lo que desencadena una corrupci\\u00f3n de memoria, tambi\\u00e9n se conoce como \\\"Office Art Drawing Records Vulnerability\\\".\"}]",
      "id": "CVE-2010-3334",
      "lastModified": "2024-11-21T01:18:31.990",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-11-10T03:00:02.133",
      "references": "[{\"url\": \"http://secunia.com/advisories/38521\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/42144\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/secunia_research/2010-4/\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/514699/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/44656\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1024705\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-313A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2923\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/38521\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/42144\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/secunia_research/2010-4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/514699/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/44656\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1024705\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-313A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2923\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3334\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2010-11-10T03:00:02.133\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \\\"Office Art Drawing Records Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 y 2008 para Mac, Office para Mac 2011 y Open XML File Format Converter para Mac, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento de Office que contiene un registro Office Art Drawing con registros msofbtSp especialmente dise\u00f1ados y flags no especificados, lo que desencadena una corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \\\"Office Art Drawing Records Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"08AF794A-435D-4171-9DBB-EB7FAED96DBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"5BA91840-371C-4282-9F7F-B393F785D260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F68DBEC-7A95-43B4-9174-79F89FC93BC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"0D84FC39-29AA-4EF2-ACE7-E72635126F2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"79BA1175-7F02-4435-AEA6-1BA8AADEB7EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"3807A4E4-EB58-47B6-AD98-6ED464DEBA4E\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/38521\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42144\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2010-4/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/514699/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/44656\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1024705\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-313A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2923\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/38521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2010-4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/514699/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/44656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-313A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2923\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2010-3334

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-3334

Aliases

CVE-2010-3334

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3334",
    "description": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\"",
    "id": "GSD-2010-3334"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3334"
      ],
      "details": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\"",
      "id": "GSD-2010-3334",
      "modified": "2023-12-13T01:21:34.206934Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-3334",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1024705",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024705"
          },
          {
            "name": "oval:org.mitre.oval:def:11439",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439"
          },
          {
            "name": "42144",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42144"
          },
          {
            "name": "20101109 Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/514699/100/0/threaded"
          },
          {
            "name": "38521",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38521"
          },
          {
            "name": "ADV-2010-2923",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/2923"
          },
          {
            "name": "44656",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/44656"
          },
          {
            "name": "http://secunia.com/secunia_research/2010-4/",
            "refsource": "MISC",
            "url": "http://secunia.com/secunia_research/2010-4/"
          },
          {
            "name": "MS10-087",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
          },
          {
            "name": "TA10-313A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3334"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44656",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/44656"
            },
            {
              "name": "ADV-2010-2923",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2923"
            },
            {
              "name": "http://secunia.com/secunia_research/2010-4/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/secunia_research/2010-4/"
            },
            {
              "name": "1024705",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024705"
            },
            {
              "name": "42144",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42144"
            },
            {
              "name": "38521",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38521"
            },
            {
              "name": "TA10-313A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11439",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439"
            },
            {
              "name": "20101109 Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/514699/100/0/threaded"
            },
            {
              "name": "MS10-087",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:58Z",
      "publishedDate": "2010-11-10T03:00Z"
    }
  }
}

FKIE_CVE-2010-3334

Vulnerability from fkie_nvd - Published: 2010-11-10 03:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/38521	Vendor Advisory
secure@microsoft.com	http://secunia.com/advisories/42144	Vendor Advisory
secure@microsoft.com	http://secunia.com/secunia_research/2010-4/	Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/archive/1/514699/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/44656
secure@microsoft.com	http://www.securitytracker.com/id?1024705
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-313A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/2923	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38521	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42144	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2010-4/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/514699/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44656
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024705
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-313A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2923	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439

Impacted products

Vendor	Product	Version
microsoft	office	2003
microsoft	office	2004
microsoft	office	2007
microsoft	office	2008
microsoft	office	2010
microsoft	office	2011
microsoft	office	xp
microsoft	open_xml_file_format_converter	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F68DBEC-7A95-43B4-9174-79F89FC93BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
              "matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 y 2008 para Mac, Office para Mac 2011 y Open XML File Format Converter para Mac, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento de Office que contiene un registro Office Art Drawing con registros msofbtSp especialmente dise\u00f1ados y flags no especificados, lo que desencadena una corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \"Office Art Drawing Records Vulnerability\"."
    }
  ],
  "id": "CVE-2010-3334",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-10T03:00:02.133",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38521"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42144"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2010-4/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/514699/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/44656"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1024705"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2923"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2010-4/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514699/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/44656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2010-AVI-543

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Office permettent à un utilisateur malveillant d'exécuter du code avec les droits de l'utilisateur connecté.

Description

Plusieurs vulnérabilités dans Microsoft Office permettent à un utilisateur malveillant d'exécuter du code avec les droits de l'utilisateur connecté :

une possibilité de débordement de mémoire dans le traitement des fichiers au format RTF est exploitable au moyen d'un fichier spécialement conçu ;
des corruptions de mémoire dans les traitements de dessin et d'objets graphiques sont exploitables au moyen de fichiers Office spécialement construits ;
la gestion d'une violation d'accès est également exploitable en utilisant un fichier Office spécialement conçu ;
l'ordre de recherche des bibliothèques (DLL) est utilisable pour substituer une bibliothèque malveillante.

Solution

À la date du 10 novembre 2010, les correctifs pour Microsoft Office pour Mac 2004 et 2008 et pour Open XML File Format Converter ne sont pas encore disponibles.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office XP SP3, 2003 SP3, 2007 SP2 et 2010 ;
Microsoft	Office	Microsoft Office pour Mac 2004, 2008 et 2011 ;
Microsoft	Office	Open XML File Format Converter pour Mac.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-087 du 09 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office XP SP3, 2003 SP3, 2007 SP2 et 2010 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Mac 2004, 2008 et 2011 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Open XML File Format Converter pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Office permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code avec les droits de\nl\u0027utilisateur connect\u00e9\u00a0:\n\n-   une possibilit\u00e9 de d\u00e9bordement de m\u00e9moire dans le traitement des\n    fichiers au format RTF est exploitable au moyen d\u0027un fichier\n    sp\u00e9cialement con\u00e7u\u00a0;\n-   des corruptions de m\u00e9moire dans les traitements de dessin et\n    d\u0027objets graphiques sont exploitables au moyen de fichiers Office\n    sp\u00e9cialement construits\u00a0;\n-   la gestion d\u0027une violation d\u0027acc\u00e8s est \u00e9galement exploitable en\n    utilisant un fichier Office sp\u00e9cialement con\u00e7u\u00a0;\n-   l\u0027ordre de recherche des biblioth\u00e8ques (DLL) est utilisable pour\n    substituer une biblioth\u00e8que malveillante.\n\n## Solution\n\n\u00c0 la date du 10 novembre 2010, les correctifs pour Microsoft Office pour\nMac 2004 et 2008 et pour Open XML File Format Converter ne sont pas\nencore disponibles.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3336"
    },
    {
      "name": "CVE-2010-3337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3337"
    },
    {
      "name": "CVE-2010-3335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3335"
    },
    {
      "name": "CVE-2010-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3334"
    },
    {
      "name": "CVE-2010-3333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3333"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-543",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Office permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code avec les droits de\nl\u0027utilisateur connect\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-087 du 09 novembre 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx"
    }
  ]
}

CERTA-2010-AVI-543

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Office permettent à un utilisateur malveillant d'exécuter du code avec les droits de l'utilisateur connecté.

Description

Plusieurs vulnérabilités dans Microsoft Office permettent à un utilisateur malveillant d'exécuter du code avec les droits de l'utilisateur connecté :

une possibilité de débordement de mémoire dans le traitement des fichiers au format RTF est exploitable au moyen d'un fichier spécialement conçu ;
des corruptions de mémoire dans les traitements de dessin et d'objets graphiques sont exploitables au moyen de fichiers Office spécialement construits ;
la gestion d'une violation d'accès est également exploitable en utilisant un fichier Office spécialement conçu ;
l'ordre de recherche des bibliothèques (DLL) est utilisable pour substituer une bibliothèque malveillante.

Solution

À la date du 10 novembre 2010, les correctifs pour Microsoft Office pour Mac 2004 et 2008 et pour Open XML File Format Converter ne sont pas encore disponibles.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office XP SP3, 2003 SP3, 2007 SP2 et 2010 ;
Microsoft	Office	Microsoft Office pour Mac 2004, 2008 et 2011 ;
Microsoft	Office	Open XML File Format Converter pour Mac.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-087 du 09 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office XP SP3, 2003 SP3, 2007 SP2 et 2010 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Mac 2004, 2008 et 2011 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Open XML File Format Converter pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Office permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code avec les droits de\nl\u0027utilisateur connect\u00e9\u00a0:\n\n-   une possibilit\u00e9 de d\u00e9bordement de m\u00e9moire dans le traitement des\n    fichiers au format RTF est exploitable au moyen d\u0027un fichier\n    sp\u00e9cialement con\u00e7u\u00a0;\n-   des corruptions de m\u00e9moire dans les traitements de dessin et\n    d\u0027objets graphiques sont exploitables au moyen de fichiers Office\n    sp\u00e9cialement construits\u00a0;\n-   la gestion d\u0027une violation d\u0027acc\u00e8s est \u00e9galement exploitable en\n    utilisant un fichier Office sp\u00e9cialement con\u00e7u\u00a0;\n-   l\u0027ordre de recherche des biblioth\u00e8ques (DLL) est utilisable pour\n    substituer une biblioth\u00e8que malveillante.\n\n## Solution\n\n\u00c0 la date du 10 novembre 2010, les correctifs pour Microsoft Office pour\nMac 2004 et 2008 et pour Open XML File Format Converter ne sont pas\nencore disponibles.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3336"
    },
    {
      "name": "CVE-2010-3337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3337"
    },
    {
      "name": "CVE-2010-3335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3335"
    },
    {
      "name": "CVE-2010-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3334"
    },
    {
      "name": "CVE-2010-3333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3333"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-543",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Office permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code avec les droits de\nl\u0027utilisateur connect\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-087 du 09 novembre 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx"
    }
  ]
}

GHSA-WFJG-HH7X-GPV7

Vulnerability from github – Published: 2022-05-14 02:36 – Updated: 2025-04-11 03:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3334"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-11-10T03:00:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\"",
  "id": "GHSA-wfjg-hh7x-gpv7",
  "modified": "2025-04-11T03:41:01Z",
  "published": "2022-05-14T02:36:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3334"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38521"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42144"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2010-4"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/514699/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/44656"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024705"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2923"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-3334 (GCVE-0-2010-3334)

GSD-2010-3334

FKIE_CVE-2010-3334

CERTA-2010-AVI-543

Description

Solution

CERTA-2010-AVI-543

Description

Solution

GHSA-WFJG-HH7X-GPV7

Tags

Sightings

Nomenclature