CVE-2010-3333

HIGH KEV

Microsoft Office - Stack-based Buffer Overflow via Crafted RTF Data

Title source: llm

Exploitation Summary

CVE-2010-3333 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022. EIP tracks 7 public exploits from researchers including g11tch, b33f & g11tch, Snake, including a Metasploit module exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.

AI-analyzed exploit summary This exploit generates a malicious Microsoft Office 2010 document that, when opened, downloads and executes a remote executable. It leverages a vulnerability in MS Office 2010 to achieve remote code execution (RCE).

Description

Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."

Exploits (7)

exploitdb WORKING POC VERIFIED

by g11tch · pythonremotewindows

https://www.exploit-db.com/exploits/24526

View Code ZIP pw:eip

This exploit generates a malicious Microsoft Office 2010 document that, when opened, downloads and executes a remote executable. It leverages a vulnerability in MS Office 2010 to achieve remote code execution (RCE).

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Office 2010

No auth needed

Prerequisites: Remote executable URL · User interaction to open the document

MITRE ATT&CK

T1204.002 - Malicious File T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by b33f & g11tch · pythonlocalwindows

https://www.exploit-db.com/exploits/18334

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Microsoft Office 2003 (CVE-2010-3333) via a maliciously crafted RTF file. It leverages a shellcode payload to achieve remote code execution, tested on Windows XP SP1/2/3.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Office 2003 (Home/Pro)

No auth needed

Prerequisites: Victim must open the malicious RTF file · Network access to download payload

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Snake · textlocalwindows

https://www.exploit-db.com/exploits/17474

View Code ZIP pw:eip

This exploit demonstrates a stack overflow vulnerability in MS Office 2010 RTF parsing, bypassing DEP/ASLR via ROP chains to achieve arbitrary code execution (calc.exe). It leverages HeapCreate() to allocate an executable heap and copies shellcode from the stack to this heap for execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Microsoft Office 2010 (14.0.4734.1000)

No auth needed

Prerequisites: Victim opens malicious RTF file in vulnerable MS Office version

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/16686

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Microsoft Word's RTF parser via the 'pFragments' shape property. It generates a malicious RTF file that triggers the vulnerability, leading to remote code execution on vulnerable systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Office (2002, 2003, 2007) with vulnerable RTF parser

No auth needed

Prerequisites: Victim must open the malicious RTF file in a vulnerable version of Microsoft Word

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1566.001 - Spearphishing Attachment

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WRITEUP 1 stars

by Sunqiz · client-side

https://github.com/Sunqiz/CVE-2010-3333-reproduction

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2010-3333, an RTF stack overflow vulnerability in Microsoft Office. It includes root cause analysis, patch details, and a walkthrough of the exploit mechanism, focusing on the incorrect handling of the 'pFragments' attribute in RTF files.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011

No auth needed

Prerequisites: Vulnerable version of Microsoft Office · Ability to deliver a malicious RTF file to the target

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec NO CODE

by whiteHat001 · poc

https://github.com/whiteHat001/cve-2010-3333

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by wushi of team509, unknown, jduck, DJ Manila Ice, Vesh, CA · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Microsoft Word's RTF parser via the 'pFragments' shape property. It targets multiple versions of Microsoft Office (2002, 2003, 2007) on various Windows platforms, using SEH overwrites and carefully crafted RTF files to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Office (2002, 2003, 2007) with vulnerable RTF parser

No auth needed

Prerequisites: Victim must open a malicious RTF file in a vulnerable version of Microsoft Word

MITRE ATT&CK