CVE-2010-2571
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
Error de índice de matriz en pubconv.dll (también conocido como Publisher Converter DLL) en Microsoft Publisher 2002 Service Pack 3 y Service Pack 3 de 2003 permite a atacantes remotos ejecutar código de su elección a través de un archivo Publisher 97 manipulado, también conocido como "Vulnerabilidad de corrupción de memoria debido a índice no válido en una matriz en Pubconv.dll".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-06-30 CVE Reserved
- 2010-12-16 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id?1024885 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA10-348A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12298 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Publisher Search vendor "Microsoft" for product "Publisher" | 2002 Search vendor "Microsoft" for product "Publisher" and version "2002" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Publisher Search vendor "Microsoft" for product "Publisher" | 2003 Search vendor "Microsoft" for product "Publisher" and version "2003" | sp3 |
Affected
| ||||||