CVE-2010-1900

2010-08-1118:47:00

CWE-94

[email protected]

web.nvd.nist.gov

microsoft office

word

vulnerability

code execution

crafted file

memory corruption

cve-2010-1900

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.723 High

EPSS

Percentile

98.1%

JSON

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka “Word Record Parsing Vulnerability.”

CPENameOperatorVersion
microsoft:wordmicrosoft wordeq2002
microsoft:wordmicrosoft wordeq2007
microsoft:wordmicrosoft wordeq2003
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2004
microsoft:office_word_viewermicrosoft office word viewereq*
microsoft:office_compatibility_packmicrosoft office compatibility packeq2007
microsoft:worksmicrosoft workseq9.0

CPE	Name	Operator	Version
microsoft:word	microsoft word	eq	2002
microsoft:word	microsoft word	eq	2007
microsoft:word	microsoft word	eq	2003
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2004
microsoft:office_word_viewer	microsoft office word viewer	eq	*
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	2007
microsoft:works	microsoft works	eq	9.0