CVSS: 8.8EPSS: 75%CPEs: 5EXPL: 2CVE-2006-2492 – Microsoft Word Malformed Object Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2006-2492
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code. • http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx http://isc.sans.org/diary.php?storyid=1345 http://isc.sans.org/diary.php?storyid=1346 http://secunia.com/advisories/20153 http://securitytracker.com/id?1016130 http://www.kb.cert.org/vuls/id/446012 http://www.microsoft.com/technet/security/advisory/919637.mspx http://www.osvdb.org/25635 http://www.securityfocus.com/bid/18037 http://www.us-cert.gov/cas/techalerts/TA06-139A.html http://www.us- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.1EPSS: 47%CPEs: 13EXPL: 0CVE-2006-0009
https://notcve.org/view.php?id=CVE-2006-0009
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. • http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html http://blogs.securiteam.com/?author=28 http://blogs.securiteam.com/?p=557 http://blogs.securiteam.com/?p=559 http://isc.sans.org/diary.php?storyid=1618 http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html http://secunia.com/advisories/19138 http://secunia.com/advisories/19238 http://securitytracker.com/id? •
CVSS: 7.5EPSS: 48%CPEs: 22EXPL: 0CVE-2004-0848
https://notcve.org/view.php?id=CVE-2004-0848
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. • http://www.kb.cert.org/vuls/id/416001 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/19107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A40 •
CVSS: 7.5EPSS: 93%CPEs: 16EXPL: 0CVE-2004-0573
https://notcve.org/view.php?id=CVE-2004-0573
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website. Desbordamiento de búfer en el convertidor de Microsoft WordPerfect 5.x en Office 2000, Office XP, Offiece 2003 y las suites Works 2001 a 2004 permite a atacantes remotos ejecutar código de su elección mediante un documento o un sitio web malicioso. • http://marc.info/?l=bugtraq&m=109519646030906&w=2 http://secunia.com/advisories/12529 http://securitytracker.com/id?1011249 http://securitytracker.com/id?1011250 http://securitytracker.com/id?1011251 http://securitytracker.com/id? •
CVSS: 7.5EPSS: 10%CPEs: 27EXPL: 0CVE-2003-0820
https://notcve.org/view.php?id=CVE-2003-0820
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. Micrososft Word 97, 98(J), 2000 y 2002, y Micrososft Works Suites 2001 a 2004, no comprueban adecuadamente la longitud de valor de datos "Macro Names", lo que podría permitir a atacantes remotos ejecutar código arbitrario mediante un ataque de desbordamiento de búfer. • http://archives.neohapsis.com/archives/bugtraq/2003-10/0163.html http://www.security.nnov.ru/search/document.asp?docid=5243 http://www.securityfocus.com/bid/8835 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/13682 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A336 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A585 https://oval.cisecur •