[email protected]CVE-2010-3215

HistoryOct 13, 2010 - 7:00 p.m.

CVE-2010-3215

2010-10-1319:00:00

CWE-94

[email protected]

web.nvd.nist.gov

microsoft word

office 2004

mac

cve-2010-3215

remote code execution

memory corruption

vulnerability

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.828 High

EPSS

Percentile

98.4%

JSON

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka “Word Return Value Vulnerability.”

CPENameOperatorVersion
microsoft:wordmicrosoft wordeq2002
microsoft:officemicrosoft officeeq2004

CPE	Name	Operator	Version
microsoft:word	microsoft word	eq	2002
microsoft:office	microsoft office	eq	2004

References

www.securityfocus.com/archive/1/514295/100/0/threaded

www.us-cert.gov/cas/techalerts/TA10-285A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6974

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.828 High

EPSS

Percentile

98.4%

JSON

Related for CVE-2010-3215

symantec1 prion1 securityvulns3 cvelist1 nessus2 seebug1 mskb1 openvas2