CVE-2010-3955

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICAL
EPSS
58.3%
top 1.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Publisher
Timeline
PublishedDec 16
Latest updateMay 14

Description

pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-f595-6hwf-pv87: pubconv2022-05-14
CVEList
CVE-2010-3955: pubconv2010-12-16
CVE-2010-3955 (CRITICAL CVSS 9.3) | pubconv.dll (aka the Publisher Conv | cvebase.io