cvelistv5 - cve-2010-3336

CVE-2010-3336 (GCVE-0-2010-3336)

Vulnerability from cvelistv5

Published

2010-11-10 01:00

Modified

2024-08-07 03:03

Severity ?

CWE

Summary

Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."

References

URL

Tags

	http://www.securitytracker.com/id?1024705	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/42144	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11947	vdb-entry, signature, x_refsource_OVAL
	http://www.securityfocus.com/bid/44660	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/38521	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/2923	vdb-entry, x_refsource_VUPEN
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087	vendor-advisory, x_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA10-313A.html	third-party-advisory, x_refsource_CERT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:03:18.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1024705",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024705"
          },
          {
            "name": "42144",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42144"
          },
          {
            "name": "oval:org.mitre.oval:def:11947",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11947"
          },
          {
            "name": "44660",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44660"
          },
          {
            "name": "38521",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38521"
          },
          {
            "name": "ADV-2010-2923",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2923"
          },
          {
            "name": "MS10-087",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
          },
          {
            "name": "TA10-313A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"MSO Large SPID Read AV Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1024705",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024705"
        },
        {
          "name": "42144",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42144"
        },
        {
          "name": "oval:org.mitre.oval:def:11947",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11947"
        },
        {
          "name": "44660",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44660"
        },
        {
          "name": "38521",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38521"
        },
        {
          "name": "ADV-2010-2923",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2923"
        },
        {
          "name": "MS10-087",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
        },
        {
          "name": "TA10-313A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"MSO Large SPID Read AV Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1024705",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024705"
            },
            {
              "name": "42144",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42144"
            },
            {
              "name": "oval:org.mitre.oval:def:11947",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11947"
            },
            {
              "name": "44660",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44660"
            },
            {
              "name": "38521",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38521"
            },
            {
              "name": "ADV-2010-2923",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2923"
            },
            {
              "name": "MS10-087",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
            },
            {
              "name": "TA10-313A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-3336",
    "datePublished": "2010-11-10T01:00:00.000Z",
    "dateReserved": "2010-09-14T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:03:18.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-543

Vulnerability from certfr_avis

Plusieurs vulnérabilités dans Microsoft Office permettent à un utilisateur malveillant d'exécuter du code avec les droits de l'utilisateur connecté.

Description

Plusieurs vulnérabilités dans Microsoft Office permettent à un utilisateur malveillant d'exécuter du code avec les droits de l'utilisateur connecté :

une possibilité de débordement de mémoire dans le traitement des fichiers au format RTF est exploitable au moyen d'un fichier spécialement conçu ;
des corruptions de mémoire dans les traitements de dessin et d'objets graphiques sont exploitables au moyen de fichiers Office spécialement construits ;
la gestion d'une violation d'accès est également exploitable en utilisant un fichier Office spécialement conçu ;
l'ordre de recherche des bibliothèques (DLL) est utilisable pour substituer une bibliothèque malveillante.

Solution

À la date du 10 novembre 2010, les correctifs pour Microsoft Office pour Mac 2004 et 2008 et pour Open XML File Format Converter ne sont pas encore disponibles.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office XP SP3, 2003 SP3, 2007 SP2 et 2010 ;
Microsoft	Office	Microsoft Office pour Mac 2004, 2008 et 2011 ;
Microsoft	Office	Open XML File Format Converter pour Mac.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-087 du 09 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office XP SP3, 2003 SP3, 2007 SP2 et 2010 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Mac 2004, 2008 et 2011 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Open XML File Format Converter pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Office permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code avec les droits de\nl\u0027utilisateur connect\u00e9\u00a0:\n\n-   une possibilit\u00e9 de d\u00e9bordement de m\u00e9moire dans le traitement des\n    fichiers au format RTF est exploitable au moyen d\u0027un fichier\n    sp\u00e9cialement con\u00e7u\u00a0;\n-   des corruptions de m\u00e9moire dans les traitements de dessin et\n    d\u0027objets graphiques sont exploitables au moyen de fichiers Office\n    sp\u00e9cialement construits\u00a0;\n-   la gestion d\u0027une violation d\u0027acc\u00e8s est \u00e9galement exploitable en\n    utilisant un fichier Office sp\u00e9cialement con\u00e7u\u00a0;\n-   l\u0027ordre de recherche des biblioth\u00e8ques (DLL) est utilisable pour\n    substituer une biblioth\u00e8que malveillante.\n\n## Solution\n\n\u00c0 la date du 10 novembre 2010, les correctifs pour Microsoft Office pour\nMac 2004 et 2008 et pour Open XML File Format Converter ne sont pas\nencore disponibles.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3336"
    },
    {
      "name": "CVE-2010-3337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3337"
    },
    {
      "name": "CVE-2010-3335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3335"
    },
    {
      "name": "CVE-2010-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3334"
    },
    {
      "name": "CVE-2010-3333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3333"
    }
  ],
  "initial_release_date": "2010-11-10T00:00:00",
  "last_revision_date": "2010-11-10T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-543",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Office permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code avec les droits de\nl\u0027utilisateur connect\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-087 du 09 novembre 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-3336 (GCVE-0-2010-3336)

Vulnerability from cvelistv5

CERTA-2010-AVI-543

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature