Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability Network Vulnerability

Summary

This host is installed with Microsoft Word and is prone to null pointer dereference vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash). Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to error in 'MSO.dll' library which fails to handle the special crafted buffer in a file.

Affected

Microsoft Office Word 2003 sp3 on Windows.

References

http://seclists.org/bugtraq/2010/Sep/100
http://www.securityfocus.com/archive/1/archive/1/513679/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3200
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ClamAV LZH File Unpacking Denial of Service Vulnerability (Win)
ejabberd XML Parsing Denial of Service Vulnerability (Windows)
Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
F-PROT AV 'ELF' Header Denial of Service Vulnerability

Take action and discover your vulnerabilities