CVE-2010-3215 — Code Injection in Microsoft Office
Severity
9.3CRITICALNVD
EPSS
56.6%
top 1.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 13
Latest updateMay 14
Description
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages2 packages
🔴Vulnerability Details
2GHSA▶
GHSA-r922-66fj-rg53: Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remot↗2022-05-14
CVEList▶
CVE-2010-3215: Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remot↗2010-10-13