CVE-2010-1263Code Injection in Microsoft Office

CWE-94Code Injection2 documents2 sources
Severity
9.3CRITICALNVD
EPSS
48.0%
top 2.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedJun 8
Latest updateMay 2

Description

Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office2003, 2007, xp+2

🔴Vulnerability Details

1
GHSA
GHSA-w47q-999h-2h55: Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and2022-05-02
CVE-2010-1263 — Code Injection in Microsoft Office | cvebase