CVE-2010-3951

Name of the Vulnerable Software and Affected Versions Microsoft Office XP SP3 Microsoft Office Converter Pack

Description A remote code execution issue exists in the way Microsoft Office parses specially crafted FlashPix image files. This could allow remote code execution if a user opens an Office document containing a specially crafted FlashPix image. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users operating with administrative user rights.

Recommendations For Microsoft Office XP SP3, update to a version that is not affected by this issue. For Microsoft Office Converter Pack, apply the necessary configuration changes to prevent the exploitation of this issue. As a temporary workaround, consider avoiding the use of FlashPix image files in Office documents until a patch is available.