| ID |
CVE-2010-3946
|
| Summary |
Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 12-10-2018 - 21:58) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-189 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| msbulletin
via4
|
| bulletin_id | MS10-105 | | bulletin_url | | | date | 2010-12-14T00:00:00 | | impact | Remote Code Execution | | knowledgebase_id | 968095 | | knowledgebase_url | | | severity | Important | | title | Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution |
|
| oval
via4
|
| accepted | 2015-08-10T04:00:08.150-04:00 | | class | vulnerability | | contributors | | name | Dragos Prisaca | | organization | Symantec Corporation |
| name | Dragos Prisaca | | organization | G2, Inc. |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | definition_extensions | | comment | Microsoft Office XP is installed | | oval | oval:org.mitre.oval:def:663 |
| comment | Microsoft Office 2003 is installed | | oval | oval:org.mitre.oval:def:233 |
| comment | Microsoft Office Converter Pack is installed | | oval | oval:org.mitre.oval:def:28520 |
| | description | Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability." | | family | windows | | id | oval:org.mitre.oval:def:11967 | | status | accepted | | submitted | 2010-12-14T14:00:00 | | title | PICT Image Converter Integer Overflow Vulnerability | | version | 16 |
|
| refmap
via4
|
| cert | TA10-348A | | sectrack | 1024887 |
|
| Last major update |
12-10-2018 - 21:58 |
| Published |
16-12-2010 - 19:33 |
| Last modified |
12-10-2018 - 21:58 |
