MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

High Nessus Plugin ID 50528

Synopsis

Arbitrary code can be executed on the remote host through Microsoft Office.

Description

The remote Windows host is running a version of Microsoft Office that is affected by several vulnerabilities:

- An integer underflow exists in the way the application parses the PowerPoint file format, which could lead to heap corruption and allow for arbitrary code execution when opening a specially crafted PowerPoint file. (CVE-2010-2573)

- A stack-based buffer overflow can be triggered when parsing specially crafted RTF files, leading to arbitrary code execution. (CVE-2010-3333)

- A memory corruption vulnerability exists in the way the application parses specially crafted Office files containing Office Art Drawing records. (CVE-2010-3334)

- A memory corruption vulnerability exists in the way drawing exceptions are handled when opening specially crafted Office files. (CVE-2010-3335)

- A memory corruption vulnerability exists in the way the application parses specially crafted Office files. (CVE-2010-3336)

- A DLL preloading (aka binary planting) vulnerability exists because the application insecurely looks in its current working directory when resolving DLL dependencies. (CVE-2010-3337)

Solution

Microsoft has released a set of patches for Office XP, 2003, 2007, and 2010.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-087

Plugin Details

Severity: High

ID: 50528

File Name: smb_nt_ms10-087.nasl

Version: 1.33

Type: local

Agent: windows

Published: 2010/11/09

Updated: 2018/11/15

Dependencies: 11336, 57033, 27524

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/11/09

Vulnerability Publication Date: 2010/07/03

Exploitable With

Core Impact

Metasploit (MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format))

Reference Information

CVE: CVE-2010-2573, CVE-2010-3333, CVE-2010-3334, CVE-2010-3335, CVE-2010-3336, CVE-2010-3337

BID: 42628, 44628, 44652, 44656, 44659, 44660

EDB-ID: 17474

MSFT: MS10-087

MSKB: 2289158, 2289161, 2289169, 2289187