9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
Added: 11/16/2010
CVE: CVE-2010-3333
BID: 44652
OSVDB: 69085
Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations.
A stack buffer overflow vulnerability exists when Microsoft Word parses RTF documents. The vulnerability is due to lack of input validation when handling the values set for the **pFragments**
property.
Apply the patch referenced in Microsoft Security Bulletin 10-087.
<http://secunia.com/advisories/38521/>
Exploit works on Microsoft Office Word 2002 SP3, Word 2003 SP3, and Word 2007 SP2.
The user must open the exploit file in Microsoft Word on the target system.
Windows XP
Windows Vista