CVE-2008-4028 – Microsoft Office RTF Drawing Object Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4028
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a los atacantes remotos ejecutar código arbitrario por medio de palabras de control creadas relacionadas con múltiples etiquetas de Objeto de Dibujo en (1) un archivo RTF o (2) un mensaje de correo electrónico de texto enriquecido, que activa la asignación de memoria incorrecta y un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Word RTF Object Parsing Vulnerability," una vulnerabilidad diferente a la CVE-2008-4030. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft products including Word and Outlook. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw exists within the parsing of RTF documents containing multiple drawing object tags. First, code within wwlib.dll allocates a buffer for the tag object. • http://www.securityfocus.com/archive/1/499063/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 http://www.zerodayinitiative.com/advisories/ZDI-08-085 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-4027 – Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-4027
Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability." Vulnerabilidad de Doble Liberación en Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; y Office 2004 para Mac permite a los atacantes remotos ejecutar código arbitrario por medio de un (1) archivo RTF o (2) un mensaje de correo electrónico de texto enriquecido con múltiples etiquetas consecutivas de Objeto de Dibujo ("\do"), que desencadena una "memory calculation error" y una corrupción de memoria, también se conoce como "Word RTF Object Parsing Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing consecutive "\do" Drawing Object tags mso.dll does not properly verify the integrity of the object and frees a memory buffer twice, leading to heap corruption. • http://www.securityfocus.com/archive/1/499062/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 http://www.zerodayinitiative.com/advisories/ZDI-08-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6098 • CWE-399: Resource Management Errors •
CVE-2008-3471 – Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-3471
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability." Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 y SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac no asigna memoria adecuadamente cuando carga objetos Excel durante el análisis del formato de fichero de la hoja de cálculo Excel, lo cual permite a atacantes remotos ejecutar código de su elección a través de ficheros BIFF manipulados, también conocido como "Vulnerabilidad de Análisis de Formato de Fichero". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the victim to open the malformed BIFF (.xls) document. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed record, user-supplied data is copied into a stack-based buffer using a size that is calculated using contents from the record. • http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/32211 http://www.securityfocus.com/bid/31705 http://www.securitytracker.com/id?1021044 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2808 http://www.zerodayinitiative.com/advisories/ZDI-08-068 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 https://exchange.xforce.ibmcloud.com/vulnerabilities/45579 https://exchange. • CWE-787: Out-of-bounds Write •
CVE-2008-4019 – Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4019
Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." Desbordamiento de entero en la función REPT en Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office SharePoint Server 2007 Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac, permite a atacantes remotos ejecutar código de su elección a través de un archivo Excel con una fórmula dentro de una celda. También conocida como "Vulnerabilidad de validación de Fórmula". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, or open a malicious file. The specific flaw exists when parsing Microsoft Excel documents containing a malformed REPT formula embedded inside a cell. • http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/32211 http://www.securityfocus.com/bid/31706 http://www.securitytracker.com/id?1021044 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2808 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 https://exchange.xforce.ibmcloud.com/vulnerabilities/45580 https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 https://oval.cis • CWE-190: Integer Overflow or Wraparound •
CVE-2008-3019
https://notcve.org/view.php?id=CVE-2008-3019
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability." Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office converter pack; y Work 8, no analizan gramaticalmente de forma adecuada la longitud del fichero PostScript encapsulado (EPS), lo que permite a los atacantes remotos ejecutar código arbitrario, a través de una fichero EPS manipulado, también conocido como "Vulnerabilidad de filtro EPS mal formado). • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31336 http://www.securityfocus.com/bid/30595 http://www.securitytracker.com/id?1020673 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2348 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6122 • CWE-399: Resource Management Errors •