Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) |
Informations | |||
---|---|---|---|
Name | MS10-004 | First vendor Publication | 2010-02-09 |
Vendor | Microsoft | Last vendor Modification | 2010-02-09 |
Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (February 9, 2010): Bulletin published.Summary: This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7711 | |||
Oval ID: | oval:org.mitre.oval:def:7711 | ||
Title: | PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability | ||
Description: | Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0033 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8050 | |||
Oval ID: | oval:org.mitre.oval:def:8050 | ||
Title: | PowerPoint LinkedSlideAtom Heap Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0030 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8081 | |||
Oval ID: | oval:org.mitre.oval:def:8081 | ||
Title: | PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability | ||
Description: | Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0031 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8268 | |||
Oval ID: | oval:org.mitre.oval:def:8268 | ||
Title: | Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability | ||
Description: | Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0034 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8303 | |||
Oval ID: | oval:org.mitre.oval:def:8303 | ||
Title: | PowerPoint OEPlaceholderAtom Use After Free Vulnerability | ||
Description: | Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0032 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8410 | |||
Oval ID: | oval:org.mitre.oval:def:8410 | ||
Title: | PowerPoint File Path Handling Buffer Overflow Vulnerability | ||
Description: | Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0029 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2002 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 2 |
SAINT Exploits
Description | Link |
---|---|
Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption | More info here |
Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2010-09-25 | Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2010-02-10 | Name : Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416) File : nvt/secpod_ms10-004.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62241 | Microsoft Office Powerpoint TextBytesAtom Record Handling Remote Code Execution |
62240 | Microsoft Office Powerpoint TextCharsAtom Record Handling Remote Code Execution |
62239 | Microsoft Office Powerpoint File Path Handling Overflow |
62238 | Microsoft Office Powerpoint LinkedSlideAtom Handling Remote Code Execution |
62237 | Microsoft Office Powerpoint OEPlaceholderAtom placementId Parameter Handling ... |
62236 | Microsoft Office Powerpoint msofbtClientData Container OEPlaceholderAtom Use ... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-02-18 | IAVM : 2010-A-0028 - Multiple Remote Vulnerabilities in Microsoft Office PowerPoint Severity : Category II - VMSKEY : V0022682 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-11-19 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 51947 - Revision : 1 - Type : FILE-OFFICE |
2019-11-19 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 51946 - Revision : 1 - Type : FILE-OFFICE |
2017-10-10 | Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt RuleID : 44280 - Revision : 1 - Type : FILE-OFFICE |
2017-01-25 | Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 41094 - Revision : 2 - Type : FILE-OFFICE |
2016-03-14 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 36888 - Revision : 2 - Type : FILE-OFFICE |
2014-11-16 | Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 31437 - Revision : 2 - Type : FILE-OFFICE |
2014-06-07 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 30941 - Revision : 3 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint TextCharsAtom record buffer overflow attempt RuleID : 25527 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 20590 - Revision : 12 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint TextCharsAtom record buffer overflow attempt RuleID : 19894 - Revision : 18 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 19303 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 19296 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 16421 - Revision : 18 - Type : FILE-OFFICE |
2015-05-28 | Microsoft PowerPoint unbound memcpy and remote code execution attempt RuleID : 16413 - Revision : 6 - Type : WEB-CLIENT |
2014-01-10 | Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt RuleID : 16412 - Revision : 19 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 16411 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corrup... RuleID : 16410 - Revision : 12 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 16409 - Revision : 14 - Type : FILE-OFFICE |
Metasploit Database
id | Description |
---|---|
2010-02-09 | MS10-004 Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_feb2010.nasl - Type : ACT_GATHER_INFO |
2010-02-09 | Name : Arbitrary code can be executed on the remote host through Microsoft PowerPoint. File : smb_nt_ms10-004.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:13 |
|
2015-05-28 21:26:36 |
|
2014-11-16 21:25:21 |
|
2014-06-07 21:22:28 |
|
2014-02-17 11:46:26 |
|
2014-01-19 21:30:25 |
|
2013-11-11 12:41:15 |
|