CVE-2010-3333
Microsoft Office Stack-based Buffer Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
YesDecision
Descriptions
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
Desbordamiento de búfer basado en pila en Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 y 2008 para Mac, Office para Mac 2011 y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección mediante datos RTF manipulados, también conocido como "RTF Stack Buffer Overflow Vulnerability."
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-09-14 CVE Reserved
- 2010-11-10 CVE Published
- 2011-03-04 First Exploit
- 2022-03-03 Exploited in Wild
- 2022-03-24 KEV Due Date
- 2024-08-07 CVE Updated
- 2024-11-12 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=880 | Third Party Advisory | |
| http://secunia.com/advisories/38521 | Third Party Advisory | |
| http://secunia.com/advisories/42144 | Third Party Advisory | |
| http://securityreason.com/securityalert/8293 | Third Party Advisory | |
| http://www.securityfocus.com/bid/44652 | Vdb Entry | |
| http://www.securitytracker.com/id?1024705 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA10-313A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2010/2923 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11931 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/18334 | 2012-01-08 | |
| https://www.exploit-db.com/exploits/17474 | 2011-07-03 | |
| https://www.exploit-db.com/exploits/16686 | 2011-03-04 | |
| https://www.exploit-db.com/exploits/24526 | 2013-02-20 | |
| https://github.com/Sunqiz/CVE-2010-3333-reproduction | 2022-08-15 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2004 Search vendor "Microsoft" for product "Office" and version "2004" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2008 Search vendor "Microsoft" for product "Office" and version "2008" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2010 Search vendor "Microsoft" for product "Office" and version "2010" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2011 Search vendor "Microsoft" for product "Office" and version "2011" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | xp Search vendor "Microsoft" for product "Office" and version "xp" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Open Xml File Format Converter Search vendor "Microsoft" for product "Open Xml File Format Converter" | * | mac |
Affected
| ||||||