9.3 - CVE-2010-0033

Executive Summary

Informations
Name	CVE-2010-0033	First vendor Publication	2010-02-10
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0033

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7711

Oval ID:	oval:org.mitre.oval:def:7711
Title:	PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability
Description:	Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-0033	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Microsoft Office PowerPoint 2003
Definition Synopsis:
Microsoft PowerPoint 2003 is installed AND Powerpnt.exe is less than version 11.0.8318.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Powerpoint cpe:2.3:a:microsoft:powerpoint:2003:sp3::::::	1

SAINT Exploits

Description	Link
Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow	More info here

ExploitDB Exploits

id	Description
2010-09-25	Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow

OpenVAS Exploits

Date	Description
2010-02-10	Name : Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416) File : nvt/secpod_ms10-004.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
62241	Microsoft Office Powerpoint TextBytesAtom Record Handling Remote Code Execution

Information Assurance Vulnerability Management (IAVM)

Date	Description
2010-02-18	IAVM : 2010-A-0028 - Multiple Remote Vulnerabilities in Microsoft Office PowerPoint Severity : Category II - VMSKEY : V0022682

Snort® IPS/IDS

Date	Description
2019-11-19	Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 51947 - Revision : 1 - Type : FILE-OFFICE
2019-11-19	Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 51946 - Revision : 1 - Type : FILE-OFFICE
2017-10-10	Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt RuleID : 44280 - Revision : 1 - Type : FILE-OFFICE
2017-01-25	Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 41094 - Revision : 2 - Type : FILE-OFFICE
2016-03-14	Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 36888 - Revision : 2 - Type : FILE-OFFICE
2014-11-16	Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 31437 - Revision : 2 - Type : FILE-OFFICE
2014-06-07	Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 30941 - Revision : 3 - Type : FILE-OFFICE
2014-01-10	Microsoft Office PowerPoint TextCharsAtom record buffer overflow attempt RuleID : 25527 - Revision : 5 - Type : FILE-OFFICE
2014-01-10	Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 20590 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Office PowerPoint TextCharsAtom record buffer overflow attempt RuleID : 19894 - Revision : 18 - Type : FILE-OFFICE
2014-01-10	Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 19303 - Revision : 17 - Type : FILE-OFFICE
2014-01-10	Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 19296 - Revision : 15 - Type : FILE-OFFICE
2014-01-10	Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 16421 - Revision : 18 - Type : FILE-OFFICE
2015-05-28	Microsoft PowerPoint unbound memcpy and remote code execution attempt RuleID : 16413 - Revision : 6 - Type : WEB-CLIENT
2014-01-10	Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt RuleID : 16412 - Revision : 19 - Type : FILE-OFFICE
2014-01-10	Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 16411 - Revision : 15 - Type : FILE-OFFICE
2014-01-10	Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corrup... RuleID : 16410 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 16409 - Revision : 14 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date	Description
2010-10-20	Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_feb2010.nasl - Type : ACT_GATHER_INFO
2010-02-09	Name : Arbitrary code can be executed on the remote host through Microsoft PowerPoint. File : smb_nt_ms10-004.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://www.securitytracker.com/id?1023563
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:09:25	Multiple Updates
2024-11-28 12:20:50	Multiple Updates
2021-05-04 12:10:57	Multiple Updates
2021-04-22 01:11:26	Multiple Updates
2020-05-23 13:16:54	Multiple Updates
2020-05-23 00:25:02	Multiple Updates
2018-10-13 00:22:53	Multiple Updates
2017-09-19 09:23:34	Multiple Updates
2016-04-26 19:29:21	Multiple Updates
2014-02-17 10:53:05	Multiple Updates
2014-01-19 21:26:29	Multiple Updates
2013-11-11 12:38:32	Multiple Updates
2013-05-10 23:13:55	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	1
Sources(s)	4
Saint Exploit(s)	1
osvdb(s)	1
ExploitDB Exploit(s)	1
Openvas Exploit(s)	1
IAVM(s)	1
Snort® Rule(s)	18
Nessus® Exploit(s)	2

	Related
10	TA10-040A
9.3	MS10-004
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)