CVE-2010-1901

2010-08-1118:47:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-1901

microsoft office

word

remote code execution

vulnerability

rtf document

memory corruption

7.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.941 High

EPSS

Percentile

99.1%

JSON

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka “Word RTF Parsing Engine Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:wordmicrosoft wordeq2002
microsoft:wordmicrosoft wordeq2007
microsoft:wordmicrosoft wordeq2003
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2004
microsoft:office_word_viewermicrosoft office word viewereq*
microsoft:office_compatibility_packmicrosoft office compatibility packeq2007

CPE	Name	Operator	Version
microsoft:word	microsoft word	eq	2002
microsoft:word	microsoft word	eq	2007
microsoft:word	microsoft word	eq	2003
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2004
microsoft:office_word_viewer	microsoft office word viewer	eq	*
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	2007