Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) |
| Informations | |||
|---|---|---|---|
| Name | MS10-087 | First vendor Publication | 2010-11-09 |
| Vendor | Microsoft | Last vendor Modification | 2011-04-12 |
| Severity (Vendor) | Critical | Revision | 2.1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V2.1 (April 12, 2011): Announced that the security update for Microsoft Office 2004 for Mac (KB2505924) offered in MS11-021, MS11-022, and MS11-023 also addresses the vulnerabilities described in this security bulletin.Summary: This security update resolves one publicly disclosed vulnerability and five privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS10-087.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11439 | |||
| Oval ID: | oval:org.mitre.oval:def:11439 | ||
| Title: | Office Art Drawing Records Vulnerability | ||
| Description: | Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3334 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11739 | |||
| Oval ID: | oval:org.mitre.oval:def:11739 | ||
| Title: | Drawing Exception Handling Vulnerability | ||
| Description: | Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3335 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11929 | |||
| Oval ID: | oval:org.mitre.oval:def:11929 | ||
| Title: | Insecure Library Loading Vulnerability | ||
| Description: | Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3337 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Office 2007 Microsoft Office 2010 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11931 | |||
| Oval ID: | oval:org.mitre.oval:def:11931 | ||
| Title: | RTF Stack Buffer Overflow Vulnerability | ||
| Description: | Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3333 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11947 | |||
| Oval ID: | oval:org.mitre.oval:def:11947 | ||
| Title: | MSO Large SPID Read AV Vulnerability | ||
| Description: | Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3336 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Office XP |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Excel Drawing Exception Handling vulnerability | More info here |
| Microsoft Office RTF pFragments Property Stack Buffer Overflow | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2011-07-03 | MS Office 2010 RTF Header Stack Overflow Vulnerability Exploit |
| 2011-03-04 | Microsoft Word RTF pFragments Stack Buffer Overflow (File Format) |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-08-11 | Name : Microsoft Windows Insecure Library Loading Vulnerability (2269637) File : nvt/gb_ms_insecure_lib_loading_vuln.nasl |
| 2010-11-10 | Name : Microsoft Office Remote Code Execution Vulnerabilites (2423930) File : nvt/secpod_ms10-087.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 69089 | Microsoft Office Insecure Library Loading Remote Code Execution Microsoft Office contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the way that Microsoft Office handles the loading of DLL files. It may allow execution of arbitrary code. |
| 69088 | Microsoft Office MSO Large SPID Read AV Remote Code Execution Microsoft Office contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to an error handling a large SPID can be exploited to corrupt memory via a specially crafted file. It may allow execution of arbitrary code. |
| 69087 | Microsoft Office Drawing Exception Handling Remote Code Execution Microsoft Office contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to a use-after-free error when handling parsing errors during parsing of Office Art records can be exploited via a specially crafted file. It may allow execution of arbitrary code. |
| 69086 | Microsoft Office Art Drawing Record Parsing Remote Code Execution Microsoft Office contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to Insufficient validation when parsing an Office Art Drawing record, which contains "msofbtSp" records that specify certain flags can be exploited to corrupt memory via a specially crafted Office file. It may allow execution of arbitrary code. |
| 69085 | Microsoft Office RTF Parsing Stack Overflow Microsoft Office contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to a boundary error when parsing a certain control word in RTF (Rich Text Format) formatted content can be exploited to cause a stack-based buffer overflow via a specially crafted file. It may allow execution of arbitrary code. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-02-27 | Microsoft Office embedded Office Art drawings execution attempt RuleID : 45557 - Revision : 1 - Type : FILE-OFFICE |
| 2018-02-27 | Microsoft Office embedded Office Art drawings execution attempt RuleID : 45556 - Revision : 1 - Type : FILE-OFFICE |
| 2017-08-23 | Microsoft Office RTF parsing remote code execution attempt RuleID : 43679 - Revision : 1 - Type : FILE-OFFICE |
| 2017-08-23 | Microsoft Office RTF parsing remote code execution attempt RuleID : 43678 - Revision : 1 - Type : FILE-OFFICE |
| 2014-01-18 | Win.Trojan.Egobot variant outbound connection RuleID : 28989 - Revision : 4 - Type : MALWARE-CNC |
| 2014-01-10 | Microsoft Office RTF malformed pfragments field RuleID : 25393 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | DNS request for known malware domain losang.dynamicdns.co.uk RuleID : 25069 - Revision : 2 - Type : BLACKLIST |
| 2014-01-10 | Win.Trojan.Riler inbound connection RuleID : 25068 - Revision : 2 - Type : MALWARE-CNC |
| 2014-01-10 | Win.Trojan.Riler variant outbound connection RuleID : 25067 - Revision : 3 - Type : MALWARE-CNC |
| 2014-01-10 | Microsoft Office RTF malformed pfragments field RuleID : 22102 - Revision : 8 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office RTF malformed pfragments field RuleID : 22101 - Revision : 7 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office embedded Office Art drawings execution attempt RuleID : 22037 - Revision : 3 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office embedded Office Art drawings execution attempt RuleID : 22036 - Revision : 3 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office embedded Office Art drawings execution attempt RuleID : 22035 - Revision : 3 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel malformed MsoDrawingObject record attempt RuleID : 19260 - Revision : 16 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office RTF malformed second pfragments field RuleID : 18706 - Revision : 15 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office RTF malformed second pfragments field RuleID : 18705 - Revision : 11 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office RTF malformed second pfragments field RuleID : 18704 - Revision : 13 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office RTF malformed pfragments field RuleID : 18703 - Revision : 12 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office RTF malformed pfragments field RuleID : 18702 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office RTF malformed pfragments field RuleID : 18680 - Revision : 19 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office RTF parsing remote code execution attempt RuleID : 18310 - Revision : 12 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office pptimpconv.dll dll-load exploit attempt RuleID : 18071 - Revision : 13 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office pptimpconv.dll dll-load exploit attempt RuleID : 18070 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Art drawing invalid shape identifier attempt RuleID : 18069 - Revision : 17 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel malformed MsoDrawingObject record attempt RuleID : 18068 - Revision : 15 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office RTF parsing remote code execution attempt RuleID : 18067 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office embedded Office Art drawings execution attempt RuleID : 18063 - Revision : 11 - Type : FILE-OFFICE |
Metasploit Database
| id | Description |
|---|---|
| 2010-11-09 | MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format) |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-11-09 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_nov2010.nasl - Type : ACT_GATHER_INFO |
| 2010-11-09 | Name : Arbitrary code can be executed on the remote host through Microsoft Office. File : smb_nt_ms10-087.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2020-05-23 13:17:13 |
|
| 2016-04-26 23:01:57 |
|
| 2014-02-17 11:46:45 |
|
| 2014-01-19 21:30:33 |
|
