CVE-2010-3334Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
65.8%
top 1.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedNov 10
Latest updateMay 14

Description

Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office7 versions+6

🔴Vulnerability Details

1
GHSA
GHSA-wfjg-hh7x-gpv7: Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Co2022-05-14

💥Exploits & PoCs

1
Exploit-DB
Ingress Database Server 2.6 - Multiple Remote Vulnerabilities2007-06-21

🕵️Threat Intelligence

1
Zscaler
Zscaler provides Protection During MS Patch Cycle|11-09-2010
CVE-2010-3334 — Microsoft Office vulnerability | cvebase