cvelistv5 - cve-2010-3945

CVE-2010-3945 (GCVE-0-2010-3945)

Vulnerability from cvelistv5 – Published: 2010-12-16 19:00 – Updated: 2024-08-07 03:26

Summary

Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.us-cert.gov/cas/techalerts/TA10-348A.html	third-party-advisoryx_refsource_CERT
	http://www.securitytracker.com/id?1024887	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:12.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA10-348A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
          },
          {
            "name": "1024887",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024887"
          },
          {
            "name": "oval:org.mitre.oval:def:12249",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249"
          },
          {
            "name": "MS10-105",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka \"CGM Image Converter Buffer Overrun Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA10-348A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
        },
        {
          "name": "1024887",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024887"
        },
        {
          "name": "oval:org.mitre.oval:def:12249",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249"
        },
        {
          "name": "MS10-105",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3945",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka \"CGM Image Converter Buffer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA10-348A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
            },
            {
              "name": "1024887",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024887"
            },
            {
              "name": "oval:org.mitre.oval:def:12249",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249"
            },
            {
              "name": "MS10-105",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-3945",
    "datePublished": "2010-12-16T19:00:00",
    "dateReserved": "2010-10-14T00:00:00",
    "dateUpdated": "2024-08-07T03:26:12.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"79BA1175-7F02-4435-AEA6-1BA8AADEB7EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C6C8409-397E-40DF-A645-6409189D450D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka \\\"CGM Image Converter Buffer Overrun Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento del b\\u00fafer en el convertidor de im\\u00e1genes CGM de los filtros gr\\u00e1ficos de Microsoft Office XP SP3, Office 2003 SP3, y Office Converter Pack permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante una imagen CGM manipulada en un documento Office. Tambi\\u00e9n se conoce como \\\"Vulnerabilidad de B\\u00fafer Overrun en el Convertidor de Im\\u00e1genes de CGM\\\".\"}]",
      "id": "CVE-2010-3945",
      "lastModified": "2024-11-21T01:19:56.900",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-12-16T19:33:02.817",
      "references": "[{\"url\": \"http://www.securitytracker.com/id?1024887\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-348A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1024887\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-348A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3945\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2010-12-16T19:33:02.817\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka \\\"CGM Image Converter Buffer Overrun Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Desbordamiento del b\u00fafer en el convertidor de im\u00e1genes CGM de los filtros gr\u00e1ficos de Microsoft Office XP SP3, Office 2003 SP3, y Office Converter Pack permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen CGM manipulada en un documento Office. Tambi\u00e9n se conoce como \\\"Vulnerabilidad de B\u00fafer Overrun en el Convertidor de Im\u00e1genes de CGM\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"79BA1175-7F02-4435-AEA6-1BA8AADEB7EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6C8409-397E-40DF-A645-6409189D450D\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id?1024887\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-348A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1024887\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-348A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2010-AVI-608

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités découvertes dans Microsoft Office permettent à un utilisateur distant malintentionné d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités présentes dans les convertisseurs d'images aux formats TIFF, CGM, PICT et FlashPix de Microsoft Office ont été corrigées. Ces vulnérabilités peuvent être exploitées par une personne malveillante afin d'exécuter du code arbitraire à distance au moyen d'un document Microsoft Office spécialement construit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office 2010 éditions 32 bits et 64 bits ;
Microsoft	Office	Microsoft Office 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office XP Service Pack 3 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Works 9.
Microsoft	Office	Pack de conversion Microsoft Office ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-105 du 14 décembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2010 \u00e9ditions 32 bits et 64 bits ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works 9.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Pack de conversion Microsoft Office ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les convertisseurs d\u0027images aux\nformats TIFF, CGM, PICT et FlashPix de Microsoft Office ont \u00e9t\u00e9\ncorrig\u00e9es. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par une personne\nmalveillante afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen d\u0027un\ndocument Microsoft Office sp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3949"
    },
    {
      "name": "CVE-2010-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3951"
    },
    {
      "name": "CVE-2010-3952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3952"
    },
    {
      "name": "CVE-2010-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3945"
    },
    {
      "name": "CVE-2010-3946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3946"
    },
    {
      "name": "CVE-2010-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3947"
    },
    {
      "name": "CVE-2010-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3950"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-608",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Microsoft Office permettent \u00e0\nun utilisateur distant malintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-105 du 14 d\u00e9cembre 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-105.mspx"
    }
  ]
}

CERTA-2010-AVI-608

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités découvertes dans Microsoft Office permettent à un utilisateur distant malintentionné d'exécuter du code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office 2010 éditions 32 bits et 64 bits ;
Microsoft	Office	Microsoft Office 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office XP Service Pack 3 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Works 9.
Microsoft	Office	Pack de conversion Microsoft Office ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-105 du 14 décembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2010 \u00e9ditions 32 bits et 64 bits ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works 9.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Pack de conversion Microsoft Office ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les convertisseurs d\u0027images aux\nformats TIFF, CGM, PICT et FlashPix de Microsoft Office ont \u00e9t\u00e9\ncorrig\u00e9es. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par une personne\nmalveillante afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen d\u0027un\ndocument Microsoft Office sp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3949"
    },
    {
      "name": "CVE-2010-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3951"
    },
    {
      "name": "CVE-2010-3952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3952"
    },
    {
      "name": "CVE-2010-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3945"
    },
    {
      "name": "CVE-2010-3946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3946"
    },
    {
      "name": "CVE-2010-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3947"
    },
    {
      "name": "CVE-2010-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3950"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-608",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Microsoft Office permettent \u00e0\nun utilisateur distant malintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-105 du 14 d\u00e9cembre 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-105.mspx"
    }
  ]
}

GSD-2010-3945

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-3945

Aliases

CVE-2010-3945

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3945",
    "description": "Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka \"CGM Image Converter Buffer Overrun Vulnerability.\"",
    "id": "GSD-2010-3945"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3945"
      ],
      "details": "Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka \"CGM Image Converter Buffer Overrun Vulnerability.\"",
      "id": "GSD-2010-3945",
      "modified": "2023-12-13T01:21:34.824575Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-3945",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka \"CGM Image Converter Buffer Overrun Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "TA10-348A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
          },
          {
            "name": "1024887",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024887"
          },
          {
            "name": "oval:org.mitre.oval:def:12249",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249"
          },
          {
            "name": "MS10-105",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3945"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka \"CGM Image Converter Buffer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA10-348A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
            },
            {
              "name": "1024887",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024887"
            },
            {
              "name": "oval:org.mitre.oval:def:12249",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249"
            },
            {
              "name": "MS10-105",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:58Z",
      "publishedDate": "2010-12-16T19:33Z"
    }
  }
}

FKIE_CVE-2010-3945

Vulnerability from fkie_nvd - Published: 2010-12-16 19:33 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.securitytracker.com/id?1024887
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-348A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024887
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-348A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249

Impacted products

Vendor	Product	Version
microsoft	office	2003
microsoft	office	xp
microsoft	office_converter_pack	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6C8409-397E-40DF-A645-6409189D450D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka \"CGM Image Converter Buffer Overrun Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento del b\u00fafer en el convertidor de im\u00e1genes CGM de los filtros gr\u00e1ficos de Microsoft Office XP SP3, Office 2003 SP3, y Office Converter Pack permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen CGM manipulada en un documento Office. Tambi\u00e9n se conoce como \"Vulnerabilidad de B\u00fafer Overrun en el Convertidor de Im\u00e1genes de CGM\"."
    }
  ],
  "id": "CVE-2010-3945",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-16T19:33:02.817",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1024887"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2C82-GGGJ-55F4

Vulnerability from github – Published: 2022-05-14 02:36 – Updated: 2022-05-14 02:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3945"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-16T19:33:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka \"CGM Image Converter Buffer Overrun Vulnerability.\"",
  "id": "GHSA-2c82-gggj-55f4",
  "modified": "2022-05-14T02:36:17Z",
  "published": "2022-05-14T02:36:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3945"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12249"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024887"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-3945 (GCVE-0-2010-3945)

CERTA-2010-AVI-608

Description

Solution

CERTA-2010-AVI-608

Description

Solution

GSD-2010-3945

FKIE_CVE-2010-3945

GHSA-2C82-GGGJ-55F4

Tags

Sightings

Nomenclature