RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333)

Publish date: August 12, 2015

Severity: CRITICAL

CVE Identifier: CVE-2010-3333

Advisory Date: AUG 12, 2015

DESCRIPTION

Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."

TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

SOLUTION

Trend Micro Deep Security DPI Rule Number: 1005346

Trend Micro Deep Security DPI Rule Name: 1004498 - Word RTF File Parsing Stack Buffer Overflow Vulnerability

AFFECTED SOFTWARE AND VERSION

Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 (32-bit editions)
Microsoft Office 2010 (64-bit editions)
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Microsoft Office for Mac 2011
microsoft office 2003
microsoft office 2004
microsoft office 2007
microsoft office 2008
microsoft office 2010
microsoft office 2011
microsoft office xp
microsoft open_xml_file_format_converter

Related Blog Entries

Related Vulnerability

Related Malware

Related Web Attack

Featured Stories

$One Flaw too Many: Vulnerabilities in SCADA Systems$
One Flaw too Many: Vulnerabilities in SCADA Systems
What is the current state of SCADA vulnerabilities? Staying informed is essential in the fight against exploits and cyberattacks with real-world consequences.
Read more
$Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry$
Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry
We break down the digital attacks against the oil and gas industry and its supply chain.
Read more
$halloween exploits vulnerabilities bluekeep chrome zero days$
Halloween Exploits Scare: BlueKeep, Chrome’s Zero-Days in the Wild
Patch now: Two Chrome zero-days were reported, one of them actively exploited in a campaign. Meanwhile, BlueKeep was initially reported seen in the wild to install a malicious Monero miner.
Read more
$PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web Servers$
PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web Servers
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.
Read more