ID CVE-2010-3946
Summary Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 21:58)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS10-105
bulletin_url
date 2010-12-14T00:00:00
impact Remote Code Execution
knowledgebase_id 968095
knowledgebase_url
severity Important
title Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution
oval via4
accepted 2015-08-10T04:00:08.150-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Dragos Prisaca
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Office XP is installed
    oval oval:org.mitre.oval:def:663
  • comment Microsoft Office 2003 is installed
    oval oval:org.mitre.oval:def:233
  • comment Microsoft Office Converter Pack is installed
    oval oval:org.mitre.oval:def:28520
description Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
family windows
id oval:org.mitre.oval:def:11967
status accepted
submitted 2010-12-14T14:00:00
title PICT Image Converter Integer Overflow Vulnerability
version 16
refmap via4
cert TA10-348A
sectrack 1024887
Last major update 12-10-2018 - 21:58
Published 16-12-2010 - 19:33
Last modified 12-10-2018 - 21:58
Back to Top