CVE-2010-3217
published 2010-10-13CVE-2010-3217: Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override…
PriorityP356critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
40.13%
98.5th percentile
Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | word | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2010-3217 exploits a double free vulnerability triggered by crafted List Format Override (LFO) records in a Word document, allowing code execution without user interaction upon opening a malicious .doc file in Word 2002 SP3. ↗
- →CVE-2010-3217 was used as part of malicious document (maldoc) infection chains, typically as a downloader stage that fetches a C-written binary from an attacker-controlled server and executes it — hunt for Word 2002 SP3 processes spawning unexpected child processes or network connections. ↗
- →The vulnerability is triggered specifically by crafted List Format Override (LFO) records inside a Word document — inspect incoming .doc files for anomalous LFO record structures as a detection signal. ↗
- ·Exploitation is limited to Microsoft Word 2002 SP3 specifically; other Word versions are not listed as affected by this CVE. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
http://secunia.com/secunia_research/2010-76/http://www.securityfocus.com/archive/1/514298/100/0/threadedhttp://www.securityfocus.com/archive/1/515440/100/0/threadedhttp://www.us-cert.gov/cas/techalerts/TA10-285A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6695http://secunia.com/secunia_research/2010-76/http://www.securityfocus.com/archive/1/514298/100/0/threadedhttp://www.securityfocus.com/archive/1/515440/100/0/threadedhttp://www.us-cert.gov/cas/techalerts/TA10-285A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6695
2010-10-13
Published