ID |
CVE-2010-3217
|
Summary |
Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability." |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 9.3 (as of 12-10-2018 - 21:58) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
msbulletin
via4
|
bulletin_id | MS10-079 | bulletin_url | | date | 2010-10-12T00:00:00 | impact | Remote Code Execution | knowledgebase_id | 2293194 | knowledgebase_url | | severity | Important | title | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution |
|
oval
via4
|
accepted | 2012-05-28T04:02:10.205-04:00 | class | vulnerability | contributors | name | Josh Turpin | organization | Symantec Corporation |
name | Josh Turpin | organization | Symantec Corporation |
name | Shane Shaffer | organization | G2, Inc. |
| definition_extensions | comment | Microsoft Word 2002 is installed | oval | oval:org.mitre.oval:def:973 |
| description | Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability." | family | windows | id | oval:org.mitre.oval:def:6695 | status | accepted | submitted | 2009-11-10T13:00:00 | title | Word Pointer Vulnerability | version | 8 |
|
refmap
via4
|
bugtraq | - 20101014 VUPEN Security Research - Microsoft Office Word Document Invalid Pointer Vulnerability (CVE-2010-3217)
- 20101223 Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability
| cert | TA10-285A | misc | http://secunia.com/secunia_research/2010-76/ |
|
Last major update |
12-10-2018 - 21:58 |
Published |
13-10-2010 - 19:00 |
Last modified |
12-10-2018 - 21:58 |