CVE-2008-2143
https://notcve.org/view.php?id=CVE-2008-2143
Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information. Versiones sin especificar de Microsoft Outlook Web Access (OWA) utilizan la directiva Cache-Control: no-cache HTTP en vez de no-store, lo que podría provocar que navegadores web que siguen RFC-2616 almacenen en caché información sensible. • http://www.kb.cert.org/vuls/id/829876 http://www.securityfocus.com/bid/29121 https://exchange.xforce.ibmcloud.com/vulnerabilities/42301 •
CVE-2008-1200
https://notcve.org/view.php?id=CVE-2008-1200
Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026. Vulnerabilidad sin especificar en Microsoft Access permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un archivo .MDB manipulado, posiblemente relacionado con Jet Engine (msjet40.dll). NOTA: probablemente este sea un problema diferente a CVE-2007-6026. • http://pandalabs.pandasecurity.com/archive/New-MS-Access-exploit.aspx http://www.securityfocus.com/bid/28087 •
CVE-2007-6357
https://notcve.org/view.php?id=CVE-2007-6357
Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944. Desbordamiento de búfer basado en pila en Microsoft Office Access permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de archivos Microsoft Access Database (.mdb) manipulados. NOTA: Debido a la falta de detalles como en 20071210, no está claro si esta cuestión es la misma que la CVE-2007-6026 o CVE-2005-0944. • http://osvdb.org/44150 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9052538&source=rss_topic17 http://www.informationweek.com/shared/printableArticle.jhtml?articleID=204802012 http://www.us-cert.gov/current/index.html#microsoft_access_database_file_attachment • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-0671
https://notcve.org/view.php?id=CVE-2007-0671
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de vectores de ataque desconocidos, como es demostrado por el archivo Exploit-MSExcel.h en ataques de día cero dirigidos. • http://osvdb.org/31901 http://secunia.com/advisories/24008 http://securitytracker.com/id?1017584 http://vil.nai.com/vil/content/v_141393.htm http://www.avertlabs.com/research/blog/?p=191 http://www.kb.cert.org/vuls/id/613740 http://www.microsoft.com/technet/security/advisory/932553.mspx http://www.securityfocus.com/bid/22383 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0463 https://docs.microsoft.com •
CVE-2006-5559 – Microsoft Internet Explorer - ADODB Execute Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-5559
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments. El objeto de control ActiveX ADODB.Connection 2.7 (ADODB.Connection.2.7) permite a atacantes remotos provocar una denegación de servicio (caída de Internet Explorer) mediante argumentos largos para la función Execute. • https://www.exploit-db.com/exploits/2629 http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx http://research.eeye.com/html/alerts/zeroday/20061027.html http://secunia.com/advisories/22452 http://securitytracker.com/id?1017127 http://www.kb.cert.org/vuls/id/589272 http://www.osvdb.org/31882 http://www.securityfocus.com/bid/20704 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0578 • CWE-20: Improper Input Validation •