Integer Underflow in Microsoft PowerPoint Products Inviting Remote Code Execution
CVE-2010-2573

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Powerpoint; Powerpoint Viewer
Vendor: CVE Published:; 10 November 2010

Summary

An integer underflow vulnerability exists in Microsoft PowerPoint 2002 SP3, 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac. This flaw allows remote attackers to manipulate specially crafted PowerPoint documents, leading to arbitrary code execution. The flaw stems from improper handling of integer values, resulting in unexpected behavior that can corrupt memory and potentially execute malicious code on the victim's system.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA10-313A.html

third-party-advisoryx_refsource_CERT

EPSS Score

56% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 10, 2010
Vulnerability Reserved
Jun 30, 2010