CVE-2010-0031 — Code Injection in Microsoft Office

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

57.3%

top 1.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Powerpoint

Timeline

PublishedFeb 10

Latest updateMay 2

Description

Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/powerpoint2002, 2003+1

▶NVDmicrosoft/office2004

🔴Vulnerability Details

GHSA

GHSA-495j-2cpg-h2g3: Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbi↗2022-05-02

▶

CVEList

CVE-2010-0031: Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbi↗2010-02-10

▶