Vulners
Lucene search
Microsoft Office Drawing Shape Container Parsing Vulnerability
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Microsoft Office Art Drawing Records Code Execution (MS10-087; CVE-2010-3334) | 9 Nov 201000:00 | – | checkpoint_advisories |
| Microsoft Office Art Drawing Records Code Execution (MS10-087) - Ver2 (CVE-2010-3334) | 28 Dec 201400:00 | – | checkpoint_advisories |
 | CVE-2010-3334 | 10 Nov 201001:00 | – | cve |
 | CVE-2010-3334 | 10 Nov 201001:00 | – | cvelist |
 | MS10-087: Vulnerabilities in Microsoft Office could allow remote code execution | 21 Jun 201414:34 | – | mskb |
 | MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) (Mac OS X) | 9 Nov 201000:00 | – | nessus |
| MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) | 9 Nov 201000:00 | – | nessus |
 | CVE-2010-3334 | 10 Nov 201003:00 | – | nvd |
 | Microsoft Office Remote Code Execution Vulnerabilities (2423930) | 10 Nov 201000:00 | – | openvas |
| Microsoft Office Remote Code Execution Vulnerabilities (2423930) | 10 Nov 201000:00 | – | openvas |
10
======================================================================
Secunia Research 09/11/2010
- Microsoft Office Drawing Shape Container Parsing Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
* Microsoft Office XP SP3
* Microsoft Office 2003 SP3
* Microsoft Office 2007 SP2
* Microsoft Office 2010
NOTE: Other versions may also be affected.
======================================================================
2) Severity
Rating: Highly critical
Impact: System access
Where: From remote
======================================================================
3) Vendor's Description of Software
"Are you ready for a better way to get work done? Then you're ready
for Office XP. Now you can simplify your productivity, collaborate
more effectively, and take Office beyond the desktop.".
Product Link:
http://office.microsoft.com/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Microsoft Office,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused by insufficient validation when parsing an
Office Art Drawing record, which contains "msofbtSp" records that
specify certain flags. This can be exploited to corrupt memory via a
specially crafted Office file.
Successful exploitation allows execution of arbitrary code.
======================================================================
5) Solution
Apply patches provided by MS10-087.
======================================================================
6) Time Table
12/02/2010 - Vendor notified.
12/02/2010 - Vendor response.
21/05/2010 - Vendor provides status update.
03/11/2010 - Vendor provides status update.
09/11/2010 - Public disclosure.
======================================================================
7) Credits
Discovered by Dyon Balding, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-3334 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-4/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Nov 2010 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.65803