Buffer overflow in Microsoft Office

CVE-2010-3945

Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka…

Vulnerability class: Buffer Overflow

EPSS: 0.621 (98.4th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions xp, 2003
Microsoft Office_converter_pack
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

TA10-348A (US Government Resource, x_refsource_CERT, third-party-advisory)
1024887 (vdb-entry, x_refsource_SECTRACK)
oval:org.mitre.oval:def:12249 (x_refsource_OVAL, signature, vdb-entry)
MS10-105 (x_refsource_MS, vendor-advisory)