CVE-2010-3955

CVE Database · CVE-2010-3955

CVE-2010-3955

· N/AModified

CVSS v3.1

N/A

EPSS

18.93%

Published

Dec 16, 2010

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."

Weaknesses (CWE)

CWE-94

Affected Products (1)

microsoft · publishervulnerable

References (8)

http://www.securitytracker.com/id?1024885

http://www.us-cert.gov/cas/techalerts/TA10-348A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12277

http://www.securitytracker.com/id?1024885

http://www.us-cert.gov/cas/techalerts/TA10-348A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12277

KEV Catalog EPSS Scores Vendors All CVEs