Microsoft Office is prone to an overflow condition. The PICT import filter suffers from an integer truncation error resulting in a heap-based overflow. With a specially crafted PICT image, a context-dependent attacker can potentially execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• CVE ID: 2010-3946 (see also: NVD)
• Secunia Advisory ID: 35600
• Related OSVDB ID: 69803 69805 69806 69807 69808 69809
• Microsoft Knowledge Base Article: 968095
• Vendor Specific News/Changelog Entry: http://blogs.technet.com/b/msrc/archive/2010/12/09/december-2010-advance-notification-service-is-released.aspx
• Other Advisory URL: http://secunia.com/secunia_research/2009-34/
• News Article: http://www.computerworld.com/s/article/9200642/Microsoft_slates_another_monster_Patch_Tuesday?taxonomyId=17&pageNumber=1
  http://www.informationweek.com/blog/main/archives/2010/12/patch_tuesday_t.html
  http://www.pcmag.com/article2/0,2817,2374148,00.asp
• Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
• Microsoft Security Bulletin: MS10-105

• Yamata Li - Palo Alto Networks
• Alin Rad Pop - Secunia Research