Vulnerability Name: | CVE-2010-3946 (CCN-63531) | ||||||||
Assigned: | 2010-12-14 | ||||||||
Published: | 2010-12-14 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability." | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-189 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2010-3946 Source: CCN Type: SA35600 Microsoft Office Graphics Filters Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1024887 Microsoft Office Graphics Filters Let Remote Users Execute Arbitrary Code Source: CCN Type: Microsoft Security Bulletin MS12-028 Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185) Source: CCN Type: Microsoft Security Bulletin MS12-057 Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2731879) Source: CCN Type: Microsoft Security Bulletin MS12-065 Vulnerability in Microsoft Works Could Allow Remote Code Execution (KB2754670) Source: CCN Type: Microsoft Security Bulletin MS13-072 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537) Source: CCN Type: Microsoft Security Bulletin MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) Source: CCN Type: Microsoft Security Bulletin MS13-086 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084) Source: CCN Type: Microsoft Security Bulletin MS14-001 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605) Source: CCN Type: Microsoft Security Bulletin MS14-017 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) Source: CCN Type: Microsoft Security Bulletin MS14-034 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261) Source: CCN Type: Microsoft Security Bulletin MS14-061 Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) Source: CCN Type: Microsoft Security Bulletin MS14-069 Vulnerability in Microsoft Office Could Allow Remote Code Execution (3009710) Source: CCN Type: Microsoft Security Bulletin MS14-081 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301) Source: CCN Type: Microsoft Security Bulletin MS14-083 Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347) Source: CCN Type: Microsoft Security Bulletin MS15-081 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) Source: CCN Type: Microsoft Security Bulletin MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) Source: CCN Type: Microsoft Security Bulletin MS15-110 Security Updates for Microsoft Office (3096440) Source: CCN Type: Microsoft Security Bulletin MS15-116 Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Source: CCN Type: Microsoft Security Bulletin MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111) Source: CCN Type: Microsoft Security Bulletin MS16-004 Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Source: CCN Type: Microsoft Security Bulletin MS16-015 Security Update for Microsoft Office to Address Remote Code Execution (3134226) Source: CCN Type: Microsoft Security Bulletin MS16-029 Security Update for Microsoft Office to Address Remote Code Execution (3141806) Source: CCN Type: Microsoft Security Bulletin MS16-042 Security Update for Microsoft Office (3148775) Source: CCN Type: Microsoft Security Bulletin MS16-054 Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-070 Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088 Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-099 Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-121 Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-133 Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-148 Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS17-002 Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014 Security Update for Microsoft Office (4013241) Source: CCN Type: Microsoft Security Bulletin MS10-105 Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) Source: CCN Type: BID-45273 Microsoft Office PICT Image Converter (CVE-2010-3946) Integer Overflow Vulnerability Source: SECTRACK Type: UNKNOWN 1024887 Source: CERT Type: US Government Resource TA10-348A Source: MS Type: UNKNOWN MS10-105 Source: XF Type: UNKNOWN ms-office-pict-code-execution(63531) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11967 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |