CVE-2010-3333
In short
Microsoft Office versions fail to properly validate RTF file format data, allowing attackers to craft malicious files that overflow memory buffers and execute arbitrary code when opened by users.
Technical detail
Stack-based buffer overflow in RTF parsing across multiple Office versions (XP SP3, 2003 SP3, 2007 SP2, 2010, and Mac variants). Attack vector is remote via crafted RTF files; requires user interaction (opening malicious document). Impact allows arbitrary code execution with user privileges.
Summary generated and translated by AI from the official description.
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 7
github · github.com/Sunqiz/CVE-2010-3333-reproduction · ★ 1
github · github.com/gousseine-systems/vuln-rabilit-windows7 · ★ 0
github · github.com/whiteHat001/cve-2010-3333 · ★ 0
exploitdb · www.exploit-db.com/exploits/24526 · unverified
exploitdb · www.exploit-db.com/exploits/18334 · unverified
exploitdb · www.exploit-db.com/exploits/17474 · unverified
exploitdb · www.exploit-db.com/exploits/16686 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=880
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087
http://secunia.com/advisories/38521
http://secunia.com/advisories/42144
http://securityreason.com/securityalert/8293
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11931
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3333
http://www.securityfocus.com/bid/44652
http://www.securitytracker.com/id?1024705
http://www.us-cert.gov/cas/techalerts/TA10-313A.html
http://www.vupen.com/english/advisories/2010/2923