Heap-Based Buffer Overflow in Microsoft Office Products
CVE-2010-3947

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Converter Pack; Office; Works
Vendor: CVE Published:; 16 December 2010

Summary

A heap-based buffer overflow exists in the TIFF image converter used by Microsoft Office XP SP3, Office Converter Pack, and Microsoft Works 9. This vulnerability allows remote attackers to exploit crafted TIFF images included in Office documents, potentially resulting in arbitrary code execution on the victim's machine. Attackers can leverage this flaw to manipulate system behavior or gain unauthorized access to sensitive information.

References

http://www.us-cert.gov/cas/techalerts/TA10-348A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1024887

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 16, 2010
Vulnerability Reserved
Oct 14, 2010