PT-2010-5184 · Microsoft · Office Converter Pack+3

Alin Rad Pop +1 · Published 2010-12-16 · Updated 2018-10-12 · CVE-2010-3946

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office XP SP3
Microsoft Office 2003 SP3
Microsoft Office Converter Pack

Description

The issue is related to an integer overflow in the PICT image converter, allowing remote attackers to execute arbitrary code via a crafted PICT image in an Office document. A remote code execution vulnerability exists in the way that Microsoft Office allocates buffer size when handling PICT image files. If a user opens an Office document containing a specially crafted PICT image, an attacker could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations

For Microsoft Office XP SP3, update to a version that fixes the integer overflow in the PICT image converter.
For Microsoft Office 2003 SP3, update to a version that fixes the integer overflow in the PICT image converter.
For Microsoft Office Converter Pack, update to a version that fixes the integer overflow in the PICT image converter.
As a temporary workaround, consider avoiding the use of PICT image files in Office documents until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-3946

Affected Products

Office 2003 SP3
Office Converter Pack
Office XP SP3
Office