SAINT Corporation
SAINT:706E47C574D070CFC289811D3762111D
Dec 14, 2010 - 12:00 a.m.

Microsoft Office FlashPix Image Converter Dictionary property buffer overflow

2010-12-14 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.951 High
Percentile: 99.3%

Added: 12/14/2010
CVE: CVE-2010-3951
BID: 45278
OSVDB: 69808

Background

Microsoft Office is a package that provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. The suite ships with a set of image processing helper libraries known as graphics filters that support various image formats including FlashPix (FPX).

Problem

A buffer overflow vulnerability in the way Microsoft Office handles FlashPix image files allows remote attackers to execute arbitrary code by enticing a user to insert a malicious FlashPix image file into an Office document.

Resolution

Apply the patches referenced in Microsoft Security Bulletin 10-105.

References

<http://secunia.com/advisories/35600/>

Limitations

Exploit works on Microsoft Office XP SP3 and requires the user to insert the FPX image file in a Word document.

Platforms

Windows XP
