PICT Image Converter Integer Overflow Vulnerability (CVE-2010-3946)

  Severity: CRITICAL
  CVE Identifier: CVE-2010-3946,MS10-105
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1004559
  Trend Micro Deep Security DPI Rule Name: 1004559 - PICT Image Converter Integer Overflow Vulnerability (CVE-2010-3946)

  AFFECTED SOFTWARE AND VERSION

  • microsoft office 2003
  • microsoft office xp
  • microsoft office_converter_pack