Think you have a false positive on this rule?

Sid 1-45556

Message

FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt

Summary

This event is generated when a malformed embedded Office Art drawing is detected.

Impact

Attempted User Privilege Gain

CVE-2010-3334:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2010-3334: Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."

Affected systems

  • microsoft office 2003
  • microsoft office 2004
  • microsoft office 2007
  • microsoft office 2008
  • microsoft office 2010
  • microsoft office 2011
  • microsoft office xp
  • microsoft openxmlfileformatconverter *

Ease of attack

CVE-2010-3334:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • technet.microsoft.com/en-us/security/bulletin/MS10-087