Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-036.
Impact
Successful exploitation could allow an attacker to execute arbitrary code on the remote system.
Impact Level: Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes named in the advisory at the link below.
http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx
Insight
The flaw is caused by an error when validating COM (Component Object Model) object instantiation, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel, PowerPoint, Publisher, Visio, or Word file.
Affected
Microsoft Office 2003 SP3.
Microsoft Office Word 2007 SP2 and prior.
Microsoft Office Word 2003 SP3 and prior.
Microsoft Office Excel 2003 SP3 and prior.
Microsoft Office Excel 2007 SP2 and prior.
Microsoft Office Visio 2007 SP2 and prior.
Microsoft Office Visio 2003 SP3 and prior.
2007 Microsoft Office System SP2 and prior.
Microsoft Office Publisher 2003 SP3 and prior.
Microsoft Office PowerPoint 2003 SP3 and prior.
Microsoft Office PowerPoint 2007 SP2 and prior.
References
Severity
Classification
- CVE: CVE-2010-1263
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Antimalware Client Privilege Elevation Vulnerability (2823482)
- Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
- Message Queuing Remote Code Execution Vulnerability (951071) - Remote
- Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
- Buffer Overrun in Messenger Service (828035)