CVE-2010-2572
HIGH KEV
Microsoft PowerPoint 2002 SP3 and 2003 SP3 - Remote Code Execution via Crafted PowerPoint 95 Document
Title source: llm
Exploitation Summary
CVE-2010-2572 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022.
Description
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
References (4)
Core References
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12195
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-088
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-313A.html
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2572
Scores
CVSS v3
7.8
EPSS
0.7472
EPSS Percentile
98.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-06-08
VulnCheck KEV
2016-01-24
InTheWild.io
2013-10-10
ENISA EUVD
EUVD-2010-2576
CWE
CWE-120
Status
published
Products (2)
microsoft/powerpoint
2002 sp3
microsoft/powerpoint
2003 sp3
Published
Nov 10, 2010
KEV Added
Jun 08, 2022
Tracked Since
Feb 18, 2026