Remote Code Execution Vulnerability in Microsoft Office XP Image Converter
CVE-2010-3952

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Converter Pack; Office
Vendor: CVE Published:; 16 December 2010

Summary

The FlashPix image converter utilized in Microsoft Office XP SP3 and the Office Converter Pack is susceptible to a security flaw that enables remote attackers to execute arbitrary code or lead to a denial of service. This vulnerability arises when specially crafted FlashPix images are processed within an Office document, leading to potential heap memory corruption. It is crucial for users and organizations employing these products to be aware of this weakness and apply necessary security patches to mitigate risks associated with malicious exploitation.

References

http://www.us-cert.gov/cas/techalerts/TA10-348A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1024887

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 16, 2010
Vulnerability Reserved
Oct 14, 2010