CVE-2010-3334

2010-11-1003:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-3334

microsoft office

remote code execution

memory corruption

nvd

vulnerability

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.954 High

EPSS

Percentile

99.4%

JSON

Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka “Office Art Drawing Records Vulnerability.”

CPENameOperatorVersion
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeqxp
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2011
microsoft:officemicrosoft officeeq2010
microsoft:officemicrosoft officeeq2003

CPE	Name	Operator	Version
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	xp
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2011
microsoft:office	microsoft office	eq	2010
microsoft:office	microsoft office	eq	2003