Detections
Analytics

MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

high Nessus Plugin ID 50528

Language:

Synopsis

Arbitrary code can be executed on the remote host through Microsoft Office.

Description

The remote Windows host is running a version of Microsoft Office that is affected by several vulnerabilities :

 - An integer underflow exists in the way the application parses the PowerPoint file format, which could lead to heap corruption and allow for arbitrary code execution when opening a specially crafted PowerPoint file.
 (CVE-2010-2573)

 - A stack-based buffer overflow can be triggered when parsing specially crafted RTF files, leading to arbitrary code execution. (CVE-2010-3333)

 - A memory corruption vulnerability exists in the way the application parses specially crafted Office files containing Office Art Drawing records. (CVE-2010-3334)

 - A memory corruption vulnerability exists in the way drawing exceptions are handled when opening specially crafted Office files. (CVE-2010-3335)

 - A memory corruption vulnerability exists in the way the application parses specially crafted Office files.
 (CVE-2010-3336)

 - A DLL preloading (aka binary planting) vulnerability exists because the application insecurely looks in its current working directory when resolving DLL dependencies. (CVE-2010-3337)

Solution

Microsoft has released a set of patches for Office XP, 2003, 2007, and 2010.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-087

Plugin Details

Severity: High

ID: 50528

File Name: smb_nt_ms10-087.nasl

Version: 1.34

Type: local

Agent: windows

Published: 11/9/2010

Updated: 3/8/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2010-3337

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/9/2010

Vulnerability Publication Date: 7/3/2010

CISA Known Exploited Vulnerability Due Dates: 3/24/2022

Exploitable With

Core Impact

Metasploit (MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format))

Reference Information

CVE: CVE-2010-2573, CVE-2010-3333, CVE-2010-3334, CVE-2010-3335, CVE-2010-3336, CVE-2010-3337

BID: 42628, 44628, 44652, 44656, 44659, 44660

MSFT: MS10-087

MSKB: 2289158, 2289161, 2289169, 2289187