Back
CVE-2010-3333
HIGH
CISA KEV
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
Published: Nov 10, 2010
Modified: Apr 22, 2026
CWE-787
CWE-787
CVSS Metrics
CVSSv3
Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products (8)
| Vendor | Product | Version |
|---|---|---|
| microsoft | office | 2003 |
| microsoft | office | 2004 |
| microsoft | office | 2007 |
| microsoft | office | 2008 |
| microsoft | office | 2010 |
| microsoft | office | 2011 |
| microsoft | office | xp |
| microsoft | open_xml_file_format_converter | - |
References (21)
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=880 Broken Link
- http://secunia.com/advisories/38521 Broken Link
- http://secunia.com/advisories/42144 Broken Link
- http://securityreason.com/securityalert/8293 Broken Link
- http://www.securityfocus.com/bid/44652 Broken Link, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1024705 Broken Link, Third Party Advisory, VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA10-313A.html Third Party Advisory, US Government Resource
- http://www.vupen.com/english/advisories/2010/2923 Broken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087 Patch, Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11931 Broken Link
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=880 Broken Link
- http://secunia.com/advisories/38521 Broken Link
- http://secunia.com/advisories/42144 Broken Link
- http://securityreason.com/securityalert/8293 Broken Link
- http://www.securityfocus.com/bid/44652 Broken Link, Third Party Advisory, VDB Entry
Risk Scores
CVSS Score
7.8 / 10
EPSS Score
93.79%
Top 0% most likely to be exploited
Threat Score
89.3 / 100
CISA Known Exploited
Date Added:
2022-03-03
Due Date:
2022-03-24
Required Action:
Apply updates per vendor instructions.
Data Sources
NVD
CISA KEV
EPSS