CVE-2010-3952Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
61.0%
top 1.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedDec 16
Latest updateMay 14

Description

The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-mmxq-2794-vggw: The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary2022-05-14

💥Exploits & PoCs

1
Exploit-DB
Easy File Sharing FTP Server 2.0 - PASS Overflow (Metasploit)2010-05-09

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 12-14-2010
CVE-2010-3952 — Microsoft Office vulnerability | cvebase