Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-036.
Impact
Successful exploitation could allow an attacker to execute arbitrary code on the remote system.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx
Insight
The flaw is caused by an error when validating COM (Component Object Model) object instantiation, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel, PowerPoint, Publisher, Visio, or Word file.
Affected
Microsoft Office 2003 SP3.
Microsoft Office Word 2007 SP2 and prior.
Microsoft Office Word 2003 SP3 and prior.
Microsoft Office Excel 2003 SP3 and prior.
Microsoft Office Excel 2007 SP2 and prior.
Microsoft Office Visio 2007 SP2 and prior.
Microsoft Office Visio 2003 SP3 and prior.
2007 Microsoft Office System SP2 and prior.
Microsoft Office Publisher 2003 SP3 and prior.
Microsoft Office Publisher 2003 SP3 and prior.
Microsoft Office PowerPoint 2003 SP3 and prior.
Microsoft Office PowerPoint 2007 SP2 and prior.
References
Severity
Classification
-
CVE CVE-2010-1263 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (933566)
- Microsoft DirectShow Remote Code Execution Vulnerability (961373)
- Cumulative Security Update for Internet Explorer (956390)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
- Consent User Interface Privilege Escalation Vulnerability (2442962)