Back
CVE-2010-2572
HIGH
CISA KEV
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
Published: Nov 10, 2010
Modified: Apr 22, 2026
CWE-120
CWE-120
CVSS Metrics
CVSSv3
Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products (2)
| Vendor | Product | Version |
|---|---|---|
| microsoft | powerpoint | 2002 |
| microsoft | powerpoint | 2003 |
References (7)
- http://www.us-cert.gov/cas/techalerts/TA10-313A.html Third Party Advisory, US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-088 Patch, Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12195 Broken Link
- http://www.us-cert.gov/cas/techalerts/TA10-313A.html Third Party Advisory, US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-088 Patch, Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12195 Broken Link
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2572 US Government Resource
Risk Scores
CVSS Score
7.8 / 10
EPSS Score
74.72%
Top 1% most likely to be exploited
Threat Score
83.6 / 100
CISA Known Exploited
Date Added:
2022-06-08
Due Date:
2022-06-22
Required Action:
Apply updates per vendor instructions.
Data Sources
NVD
CISA KEV
EPSS