CVE-2010-1901 — HIGH (9.3) — White Hats Nepal

Vulnerability Description

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Microsoft	Word	2002
Microsoft	Office	2004
Microsoft	Open Xml File Format Converter	All versions
Microsoft	Office Compatibility Pack	2007
Microsoft	Office Word Viewer	All versions

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2010-1901?

CVE-2010-1901 is a vulnerability with a CVSS score of 9.3 (HIGH). Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Exce...

How severe is CVE-2010-1901?

CVE-2010-1901 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1901?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Word, Microsoft Office, Microsoft Open Xml File Format Converter, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer.