Page 15 of 99 results (0.013 seconds)

CVSS: 4.3EPSS: 94%CPEs: 41EXPL: 1

CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)

https://notcve.org/view.php?id=CVE-2008-4033

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expression Web, Office, Internet Explorer y otros productos; permite a atacantes remotos obtener información sensible de otro dominio y corromper el estado de la sesión a través de solicitudes de campos de cabecera HTTP, como se ha demostrado con el campo Transfer-Encoding. También se conoce como "Vulnerabilidad de la solicitud de la cabecera MSXML". • https://www.exploit-db.com/exploits/7196 http://marc.info/?l=bugtraq&m=122703006921213&w=2 http://securitytracker.com/id?1021164 http://www.securityfocus.com/bid/32204 http://www.us-cert.gov/cas/techalerts/TA08-316A.html http://www.vupen.com/english/advisories/2008/3111 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 68%CPEs: 10EXPL: 0

CVE-2008-1455

https://notcve.org/view.php?id=CVE-2008-1455

A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability." Un error en el cálculo de memoria en Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, y 2007 incluyendo el SP1; y Compatibility Pack para Word, Excel, and PowerPoint 2007 incluyendo el SP1; y Office 2004 para Mac, permite a atacantes remotos ejecutar código de su elección a través de un archivo PowerPoint con una lista de valores manipulados, lo que lanza una corrupción de memoria. También conocida como "Vulnerabilidad de desbordamiento en validación". • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31453 http://www.securityfocus.com/bid/30579 http://www.securitytracker.com/id?1020676 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2355 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5555 • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 2%CPEs: 9EXPL: 5

CVE-2008-2752 – Microsoft Word 2000/2002 - Bulleted List Handling Remote Memory Corruption

https://notcve.org/view.php?id=CVE-2008-2752

Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information. Microsoft Word 2000 9.0.2812 y 2003 11.8106.8172, no gestiona correctamente las listas desordenadas, lo que permite a atacantes asistidos por el usuario, provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrariamente a través de un archivo .doc manipulado. NOTA: alguno de estos detalles han sido obtenidos de información de terceros. • https://www.exploit-db.com/exploits/31934 http://www.nullcode.com.ar/ncs/crash/video.htm http://www.nullcode.com.ar/ncs/crash/video2.htm http://www.securityfocus.com/bid/29769 http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-1.doc http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-2.doc http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-3.doc http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-4.doc https: • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 76%CPEs: 12EXPL: 0

CVE-2008-1434

https://notcve.org/view.php?id=CVE-2008-1434

Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption. Una vulnerabilidad de uso de la memoria previamente liberada en Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un documento HTML con un gran número de Cascading Style Sheets (CSS), relacionado con un "memory handling error" que desencadena una corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700 http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://secunia.com/advisories/30143 http://www.securityfocus.com/bid/29105 http://www.securitytracker.com/id?1020014 http://www.us-cert.gov/cas/techalerts/TA08-134A.html http://www.vupen.com/english/advisories/2008/1504/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026 https://oval.cisecurity.org/repository/search/definit • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 72%CPEs: 12EXPL: 0

CVE-2008-1091 – Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2008-1091

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." Vulnerabilidad no especificada de Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar código arbitrariamente a través de un archivo de Formato de Texto Enriquecido (.rtf) con una cadena mal formada que provoca un “error de cálculo en memoria” y un desbordamiento de búfer basado en el montículo (heap), también conocido como “Vulnerabilidad de análisis sintáctico de Objeto.” This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. • http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://secunia.com/advisories/30143 http://www.kb.cert.org/vuls/id/543907 http://www.securityfocus.com/archive/1/492020/100/0/threaded http://www.securityfocus.com/bid/29104 http://www.securitytracker.com/id?1020013 http://www.us-cert.gov/cas/techalerts/TA08-134A.html http://www.vupen.com/english/advisories/2008/1504/references http://www.zerodayinitiative.com/advisories/ZDI-08-023 https://docs.microsoft.com/en-u • CWE-94: Improper Control of Generation of Code ('Code Injection') •