MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

high Nessus Plugin ID 50528

Synopsis

Arbitrary code can be executed on the remote host through Microsoft Office.

Description

The remote Windows host is running a version of Microsoft Office that is affected by several vulnerabilities :

- An integer underflow exists in the way the application parses the PowerPoint file format, which could lead to heap corruption and allow for arbitrary code execution when opening a specially crafted PowerPoint file.
(CVE-2010-2573)

- A stack-based buffer overflow can be triggered when parsing specially crafted RTF files, leading to arbitrary code execution. (CVE-2010-3333)

- A memory corruption vulnerability exists in the way the application parses specially crafted Office files containing Office Art Drawing records. (CVE-2010-3334)

- A memory corruption vulnerability exists in the way drawing exceptions are handled when opening specially crafted Office files. (CVE-2010-3335)

- A memory corruption vulnerability exists in the way the application parses specially crafted Office files.
(CVE-2010-3336)

- A DLL preloading (aka binary planting) vulnerability exists because the application insecurely looks in its current working directory when resolving DLL dependencies. (CVE-2010-3337)

Solution

Microsoft has released a set of patches for Office XP, 2003, 2007, and 2010.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-087

Plugin Details

Severity: High

ID: 50528

File Name: smb_nt_ms10-087.nasl

Version: 1.34

Type: local

Agent: windows

Published: 11/9/2010

Updated: 3/8/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2010-3337

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/9/2010

Vulnerability Publication Date: 7/3/2010

CISA Known Exploited Vulnerability Due Dates: 3/24/2022

Exploitable With

Core Impact

Metasploit (MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format))

Reference Information

CVE: CVE-2010-2573, CVE-2010-3333, CVE-2010-3334, CVE-2010-3335, CVE-2010-3336, CVE-2010-3337

BID: 42628, 44628, 44652, 44656, 44659, 44660

MSFT: MS10-087

MSKB: 2289158, 2289161, 2289169, 2289187