CVE-2010-3217

Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/secunia_research/2010-76/	Vendor Advisory
http://www.securityfocus.com/archive/1/514298/100/0/threaded
http://www.securityfocus.com/archive/1/515440/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA10-285A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6695

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*

History

No history.

Information

Published : 2010-10-13 19:00

Updated : 2024-02-28 11:41

NVD link : CVE-2010-3217

Mitre link : CVE-2010-3217

CVE.ORG link : CVE-2010-3217

JSON object : View

Products Affected

microsoft

word

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2010-3217", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-10-13T19:00:44.697", "references": [{"url": "http://secunia.com/secunia_research/2010-76/", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/514298/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/515440/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6695", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka \"Word Pointer Vulnerability.\""}, {"lang": "es", "value": "Una vulnerabilidad de doble liberaci\u00f3n en Word 2002 SP3 de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento de Word con registros de invalidaci\u00f3n de formato de lista (LFO) especialmente dise\u00f1ados, tambi\u00e9n se conoce como \"Word Pointer Vulnerability\"."}], "lastModified": "2018-10-12T21:58:15.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F02894C4-57A7-45FE-B9D2-1A0EE3ABA455"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}