Executive Summary

Summary
Title Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
Informations
Name MS10-004 First vendor Publication 2010-02-09
Vendor Microsoft Last vendor Modification 2010-02-09
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.0 (February 9, 2010): Bulletin published.Summary: This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7711
 
Oval ID: oval:org.mitre.oval:def:7711
Title: PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability
Description: Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0033
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Office PowerPoint 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8050
 
Oval ID: oval:org.mitre.oval:def:8050
Title: PowerPoint LinkedSlideAtom Heap Overflow Vulnerability
Description: Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0030
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Office PowerPoint 2002
Microsoft Office PowerPoint 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8081
 
Oval ID: oval:org.mitre.oval:def:8081
Title: PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability
Description: Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0031
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Office PowerPoint 2002
Microsoft Office PowerPoint 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8268
 
Oval ID: oval:org.mitre.oval:def:8268
Title: Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability
Description: Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0034
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Office PowerPoint 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8303
 
Oval ID: oval:org.mitre.oval:def:8303
Title: PowerPoint OEPlaceholderAtom Use After Free Vulnerability
Description: Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0032
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Office PowerPoint 2002
Microsoft Office PowerPoint 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8410
 
Oval ID: oval:org.mitre.oval:def:8410
Title: PowerPoint File Path Handling Buffer Overflow Vulnerability
Description: Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0029
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Office PowerPoint 2002
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 2

SAINT Exploits

Description Link
Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption More info here
Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow More info here

ExploitDB Exploits

id Description
2010-09-25 Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow

OpenVAS Exploits

Date Description
2010-02-10 Name : Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
File : nvt/secpod_ms10-004.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62241 Microsoft Office Powerpoint TextBytesAtom Record Handling Remote Code Execution

62240 Microsoft Office Powerpoint TextCharsAtom Record Handling Remote Code Execution

62239 Microsoft Office Powerpoint File Path Handling Overflow

62238 Microsoft Office Powerpoint LinkedSlideAtom Handling Remote Code Execution

62237 Microsoft Office Powerpoint OEPlaceholderAtom placementId Parameter Handling ...

62236 Microsoft Office Powerpoint msofbtClientData Container OEPlaceholderAtom Use ...

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-02-18 IAVM : 2010-A-0028 - Multiple Remote Vulnerabilities in Microsoft Office PowerPoint
Severity : Category II - VMSKEY : V0022682

Snort® IPS/IDS

Date Description
2019-11-19 Microsoft Office PowerPoint out of bounds value remote code execution attempt
RuleID : 51947 - Revision : 1 - Type : FILE-OFFICE
2019-11-19 Microsoft Office PowerPoint out of bounds value remote code execution attempt
RuleID : 51946 - Revision : 1 - Type : FILE-OFFICE
2017-10-10 Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt
RuleID : 44280 - Revision : 1 - Type : FILE-OFFICE
2017-01-25 Microsoft Office PowerPoint improper filename remote code execution attempt
RuleID : 41094 - Revision : 2 - Type : FILE-OFFICE
2016-03-14 Microsoft Office PowerPoint out of bounds value remote code execution attempt
RuleID : 36888 - Revision : 2 - Type : FILE-OFFICE
2014-11-16 Microsoft Office PowerPoint improper filename remote code execution attempt
RuleID : 31437 - Revision : 2 - Type : FILE-OFFICE
2014-06-07 Microsoft Office PowerPoint out of bounds value remote code execution attempt
RuleID : 30941 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint TextCharsAtom record buffer overflow attempt
RuleID : 25527 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint out of bounds value remote code execution attempt
RuleID : 20590 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint TextCharsAtom record buffer overflow attempt
RuleID : 19894 - Revision : 18 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint out of bounds value remote code execution attempt
RuleID : 19303 - Revision : 17 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint improper filename remote code execution attempt
RuleID : 19296 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint out of bounds value remote code execution attempt
RuleID : 16421 - Revision : 18 - Type : FILE-OFFICE
2015-05-28 Microsoft PowerPoint unbound memcpy and remote code execution attempt
RuleID : 16413 - Revision : 6 - Type : WEB-CLIENT
2014-01-10 Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt
RuleID : 16412 - Revision : 19 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint out of bounds value remote code execution attempt
RuleID : 16411 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corrup...
RuleID : 16410 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint improper filename remote code execution attempt
RuleID : 16409 - Revision : 14 - Type : FILE-OFFICE

Metasploit Database

id Description
2010-02-09 MS10-004 Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow

Nessus® Vulnerability Scanner

Date Description
2010-10-20 Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms_office_feb2010.nasl - Type : ACT_GATHER_INFO
2010-02-09 Name : Arbitrary code can be executed on the remote host through Microsoft PowerPoint.
File : smb_nt_ms10-004.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2020-05-23 13:17:13
  • Multiple Updates
2015-05-28 21:26:36
  • Multiple Updates
2014-11-16 21:25:21
  • Multiple Updates
2014-06-07 21:22:28
  • Multiple Updates
2014-02-17 11:46:26
  • Multiple Updates
2014-01-19 21:30:25
  • Multiple Updates
2013-11-11 12:41:15
  • Multiple Updates