CVE-2010-3336Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
9.3CRITICALNVD
EPSS
69.0%
top 1.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedNov 10
Latest updateMay 14

Description

Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-pv9g-qpfc-676g: Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execu2022-05-14
VulnCheck
Microsoft Office Improper Restriction of Operations within the Bounds of a Memory Buffer2010

💥Exploits & PoCs

2
Exploit-DB
CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)2010-08-14
Exploit-DB
Ingress Database Server 2.6 - Multiple Remote Vulnerabilities2007-06-21
CVE-2010-3336 — Microsoft Office vulnerability | cvebase