Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:1958D6CA16E64B9B1907ED06C1138DB1
HistoryFeb 12, 2010 - 12:00 a.m.

Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption

2010-02-1200:00:00
SAINT Corporation
my.saintcorporation.com
15

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.886 High

EPSS

Percentile

98.6%

JSON

Added: 02/12/2010
CVE: CVE-2010-0031
BID: 38103
OSVDB: 62237

Background

Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.

Problem

A memory corruption vulnerability allows command execution when a user opens a PowerPoint file containing an OEPlaceholderAtom record with a specially crafted placementId parameter.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-004.

References

<http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx&gt;

Limitations

Exploit works on Microsoft PowerPoint 2003 SP3 and requires a user to open the exploit file in Microsoft PowerPoint.

The exploit is not executed until the exploit file is closed.

This exploit requires the IO::Uncompress::Gunzip and Compress::Zlib PERL modules from CPAN.

Platforms

Windows

Related

saint 3
securityvulns 3
checkpoint_advisories 2
seebug 2
prion 1
cvelist 1
cve 1
nessus 2
openvas 2
saint
saint
Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption
2010-02-12 00:00:00
Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption
2010-02-12 00:00:00
Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption
2010-02-12 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability
2010-02-12 00:00:00
Microsoft Security Bulletin MS10-004 - Important Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution &#40;975416&#41;
2010-02-10 00:00:00
Microsoft Office applications multiple security vulnerabilities
2010-02-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft PowerPoint OEPlaceholderAtom Arbitrary Array Indexing (MS10-004) - Ver2 (CVE-2010-0031)
2014-03-03 00:00:00
Microsoft PowerPoint OEPlaceholderAtom Arbitrary Array Indexing (MS10-004; CVE-2010-0031; CVE-2010-0032)
2010-02-09 00:00:00
seebug
seebug
Microsoft PowerPoint OEPlaceholderAtom记录无效数组索引漏洞(MS10-004)
2010-02-20 00:00:00
Microsoft PowerPoint &quot;OEPlaceholderAtom&quot; record vulnerability
2010-02-13 00:00:00
prion
prion
Security feature bypass
2010-02-10 18:30:00
cvelist
cvelist
CVE-2010-0031
2010-02-10 18:00:00
cve
cve
CVE-2010-0031
2010-02-10 18:30:00
nessus
nessus
MS10-003 / MS10-004: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (978214 / 975416) (Mac OS X)
2010-10-20 00:00:00
MS10-004: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
2010-02-09 00:00:00
openvas
openvas
Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
2010-02-10 00:00:00
Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
2010-02-10 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.886 High

EPSS

Percentile

98.6%

JSON
Related for SAINT:1958D6CA16E64B9B1907ED06C1138DB1
saint3securityvulns3checkpoint_advisories2seebug2prion1cvelist1cve1nessus2openvas2