{"api_version":"1","generated_at":"2026-04-23T15:18:51+00:00","cve":"CVE-2010-3946","urls":{"html":"https://cve.report/CVE-2010-3946","api":"https://cve.report/api/cve/CVE-2010-3946.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2010-3946","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2010-3946"},"summary":{"title":"CVE-2010-3946","description":"Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka \"PICT Image Converter Integer Overflow Vulnerability.\"","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2010-12-16 19:33:00","updated_at":"2018-10-12 21:58:00"},"problem_types":["CWE-189"],"metrics":[],"references":[{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105","name":"MS10-105","refsource":"MS","tags":[],"title":"Microsoft Security Bulletin MS10-105 - Important | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1024887","name":"1024887","refsource":"SECTRACK","tags":[],"title":"Microsoft Office Graphics Filters Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11967","name":"oval:org.mitre.oval:def:11967","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA10-348A.html","name":"TA10-348A","refsource":"CERT","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA10-348A -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2010-3946","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3946","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2010","cve_id":"3946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2003","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"3946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"xp","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"3946","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2003","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"3946","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"xp","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"3946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_converter_pack","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"3946","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_converter_pack","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2010-3946","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka \"PICT Image Converter Integer Overflow Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"TA10-348A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA10-348A.html"},{"name":"1024887","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1024887"},{"name":"oval:org.mitre.oval:def:11967","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11967"},{"name":"MS10-105","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105"}]}},"nvd":{"publishedDate":"2010-12-16 19:33:00","lastModifiedDate":"2018-10-12 21:58:00","problem_types":["CWE-189"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2010","CveId":"3946","Ordinal":"46236","Title":"CVE-2010-3946","CVE":"CVE-2010-3946","Year":"2010"},"notes":[{"CveYear":"2010","CveId":"3946","Ordinal":"1","NoteData":"Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka \"PICT Image Converter Integer Overflow Vulnerability.\"","Type":"Description","Title":null},{"CveYear":"2010","CveId":"3946","Ordinal":"2","NoteData":"2010-12-16","Type":"Other","Title":"Published"},{"CveYear":"2010","CveId":"3946","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}