Integer Overflow in PICT Image Converter for Microsoft Office Products
CVE-2010-3946

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Converter Pack; Office
Vendor: CVE Published:; 16 December 2010

What is CVE-2010-3946?

An integer overflow flaw exists in the PICT image converter within the graphics filters of Microsoft Office. This vulnerability can be exploited by remote attackers through specially crafted PICT images embedded in Office documents. When these documents are processed by vulnerable versions of Microsoft Office XP SP3 or Office 2003 SP3, it could result in arbitrary code execution, compromising the affected system's integrity and potentially allowing unauthorized actions. Security updates are available to mitigate this issue.

References

http://www.us-cert.gov/cas/techalerts/TA10-348A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1024887

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

66% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2010
Vulnerability Reserved
Oct 14, 2010