| Vulnerability Name: | CVE-2010-3333 (CCN-62784) | ||||||||
| Assigned: | 2010-11-09 | ||||||||
| Published: | 2010-11-09 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability." | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-3333 Source: IDEFENSE Type: UNKNOWN 20101109 Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability Source: CCN Type: SA38521 Microsoft Office Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 38521 Source: CCN Type: SA42144 Microsoft Office for Mac Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 42144 Source: SREASON Type: UNKNOWN 8293 Source: CCN Type: SECTRACK ID: 1024705 Microsoft Office Flaws Let Remote Users Execute Arbitrary Code Source: CCN Type: Microsoft Security Bulletin MS11-096 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) Source: CCN Type: Microsoft Security Bulletin MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) Source: CCN Type: Microsoft Security Bulletin MS14-083 Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347) Source: CCN Type: Microsoft Security Bulletin MS16-054 Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-070 Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088 Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-099 Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-121 Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-133 Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-148 Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS17-002 Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014 Security Update for Microsoft Office (4013241) Source: CCN Type: IBM Internet Security Systems Protection Alert Microsoft Office RTF Could Allow Remote Code Execution Source: CCN Type: Microsoft Security Bulletin MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) Source: CCN Type: Microsoft Security Bulletin MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279) Source: CCN Type: Microsoft Security Bulletin MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293) Source: CCN Type: Microsoft Security Bulletin MS11-045 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) Source: CCN Type: Microsoft Security Bulletin MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) Source: BID Type: UNKNOWN 44652 Source: CCN Type: BID-44652 Microsoft Office RTF File Stack Buffer Overflow Vulnerability Source: SECTRACK Type: UNKNOWN 1024705 Source: CERT Type: US Government Resource TA10-313A Source: VUPEN Type: UNKNOWN ADV-2010-2923 Source: MS Type: UNKNOWN MS10-087 Source: XF Type: UNKNOWN ms-office-rtf-bo(62784) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11931 Source: CCN Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY KNOWN EXPLOITED VULNERABILITIES CATALOG Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [03-04-2011] Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [07-03-2011] Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [04-18-2012] | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||