CVE-2010-2572

Warning

EPSS 69.87%
Published 10.11.2010 03:00:01
Last modified 11.04.2025 00:51:21
Source secure@microsoft.com
Teams watchlist Login
Open Login

Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."

Affected products Warnungen 1 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Powerpoint Version2002 Updatesp3

Microsoft ≫ Powerpoint Version2003 Updatesp3

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft PowerPoint Buffer Overflow Vulnerability

Vulnerability

Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	69.87%	0.986

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://www.us-cert.gov/cas/techalerts/TA10-313A.html

Third Party Advisory

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-088

Patch

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12195

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2010-2572

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2572

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2572

EUVD