Buffer Overflow Vulnerability in Microsoft Office Products
CVE-2010-3951

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Converter Pack; Office
Vendor: CVE Published:; 16 December 2010

What is CVE-2010-3951?

A buffer overflow exists in the FlashPix image converter used within Microsoft Office XP SP3 and the Office Converter Pack. This vulnerability allows attackers to execute arbitrary code by crafting a malicious FlashPix image embedded in an Office document. If successfully exploited, an attacker could gain the same user privileges as the current user, leading to unauthorized access to sensitive information or control over the affected system.

References

http://www.us-cert.gov/cas/techalerts/TA10-348A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1024887

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 16, 2010
Vulnerability Reserved
Oct 14, 2010