Memory Corruption in Microsoft Office Products Enables Remote Code Execution
CVE-2010-3335

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office
Vendor: CVE Published:; 10 November 2010

Summary

A vulnerability exists in various Microsoft Office products that allows remote attackers to execute arbitrary code by crafting malicious Office documents. This vulnerability arises from improper handling of specific drawing exceptions, leading to memory corruption. Successful exploitation could grant an attacker the same user rights as the logged-in user, potentially resulting in unauthorized access to sensitive information or system compromise. Users are advised to apply the necessary security updates to mitigate these risks.

References

http://www.securitytracker.com/id?1024705

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/42144

third-party-advisoryx_refsource_SECUNIA

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 10, 2010
Vulnerability Reserved
Sep 14, 2010