CVE-2010-3218Code Injection in Microsoft Word

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
58.7%
top 1.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Word
Timeline
PublishedOct 13
Latest updateMay 14

Description

Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/word2002

🔴Vulnerability Details

2
GHSA
GHSA-r78h-r76m-gfm8: Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka2022-05-14
CVEList
CVE-2010-3218: Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka2010-10-13

💥Exploits & PoCs

1
Exploit-DB
Google Earth 5.1.3535.3218 - 'quserex.dll' DLL Hijacking2010-08-25
CVE-2010-3218 — Code Injection in Microsoft Word | cvebase