CVE-2010-1902 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

53.5%

top 2.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office Compatibility Pack Microsoft Word

Timeline

PublishedAug 11

Latest updateMay 14

Description

Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka "Word RTF Parsing Buffer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/office_compatibility_pack2007

▶NVDmicrosoft/word2002, 2003, 2007+2

▶NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

GHSA

GHSA-gvvf-v65f-jf8j: Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for↗2022-05-14

▶

CVEList

CVE-2010-1902: Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for↗2010-08-11

▶