CVE-2006-0029
https://notcve.org/view.php?id=CVE-2006-0029
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. • http://secunia.com/advisories/19138 http://secunia.com/advisories/19238 http://securityreason.com/securityalert/585 http://securityreason.com/securityalert/586 http://securitytracker.com/id?1015766 http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm http://www.kb.cert.org/vuls/id/235774 http://www.osvdb.org/23900 http://www.us-cert.gov/cas/techalerts/TA06-073A.html http://www.vupen.com/english/advisories/2006/0950 https://docs.microsoft.com/en-us/security-upda •
CVE-2006-0028 – Microsoft Excel File Format Parsing Vulnerability
https://notcve.org/view.php?id=CVE-2006-0028
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of malformed BOOLERR records, user-supplied data may be insecurely referenced thereby leading to the eventual execution of arbitrary code. • http://secunia.com/advisories/19138 http://secunia.com/advisories/19238 http://securityreason.com/securityalert/583 http://securitytracker.com/id?1015766 http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm http://www.kb.cert.org/vuls/id/339878 http://www.osvdb.org/23899 http://www.securityfocus.com/archive/1/427632/100/0/threaded http://www.us-cert.gov/cas/techalerts/TA06-073A.html http://www.vupen.com/english/advisories/2006/0950 http://www.zerodayinitiativ •
CVE-2005-4131 – Microsoft Excel 95/97/2000/2002/2003/2004 - Malformed Range Memory Corruption
https://notcve.org/view.php?id=CVE-2005-4131
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538. • https://www.exploit-db.com/exploits/26769 http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538 http://informationweek.com/story/showArticle.jhtml?articleID=174910198 http://news.com.com/2061-10789_3-5988086.html http://news.zdnet.com/2100-1009_22-5989078.html http://secunia.com/advisories/19138 http://secunia.com/advisories/19238 http://securityreason.com/securityalert/584 http://securityreason.com/securityalert/591 http://securitytracker.com/id?1015333 http://securitytracker.com •
CVE-2004-0846
https://notcve.org/view.php?id=CVE-2004-0846
Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated. Vulnerabilidad desconocida en Microsoft Excel 2000, 2002, 2001 para Mac y v.X para Mac permite a atacantes remotos ejecutar código de su elección mediante un fichero malicioso conteniendo ciertos parámetros que no son validados adecuadamente. • http://marc.info/?l=bugtraq&m=109779810827096&w=2 http://secunia.com/advisories/12800 http://www.ciac.org/ciac/bulletins/p-009.shtml http://www.kb.cert.org/vuls/id/274496 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/17653 https://exchange.xforce.ibmcloud.com/vulnerabilities/17683 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2673 https://oval.cisecurity.org •
CVE-2002-1143 – Microsoft Word 95/97/98/2000/2002 - 'INCLUDEPICTURE' Document Sharing File Disclosure
https://notcve.org/view.php?id=CVE-2002-1143
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure." Microsoft Word y Excel permite a atacantes remotos robar información sensible mediante ciertos códigos de campo que insertan la información cuando el documento es devuelto al atacante, como ha sido demostrado en Word usando INCLUDETEXT o INCLUDEPICTURE, tambien conocido como "Fallo en campos de Word y actualizaciones externas de Excel podría conducir a revelamiento de Información" • https://www.exploit-db.com/exploits/21812 https://www.exploit-db.com/exploits/21764 http://marc.info/?l=bugtraq&m=103040003014999&w=2 http://marc.info/?l=bugtraq&m=103252858816401&w=2 http://www.iss.net/security_center/static/10008.php http://www.iss.net/security_center/static/10155.php http://www.kb.cert.org/vuls/id/899713 http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp http://www.securityfocus.com/bid/5586 htt •