Page 18 of 129 results (0.005 seconds)

CVSS: 9.3EPSS: 69%CPEs: 19EXPL: 0

CVE-2008-4028 – Microsoft Office RTF Drawing Object Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2008-4028

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a los atacantes remotos ejecutar código arbitrario por medio de palabras de control creadas relacionadas con múltiples etiquetas de Objeto de Dibujo en (1) un archivo RTF o (2) un mensaje de correo electrónico de texto enriquecido, que activa la asignación de memoria incorrecta y un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Word RTF Object Parsing Vulnerability," una vulnerabilidad diferente a la CVE-2008-4030. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft products including Word and Outlook. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw exists within the parsing of RTF documents containing multiple drawing object tags. First, code within wwlib.dll allocates a buffer for the tag object. • http://www.securityfocus.com/archive/1/499063/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 http://www.zerodayinitiative.com/advisories/ZDI-08-085 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 87%CPEs: 16EXPL: 0

CVE-2008-4019 – Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2008-4019

Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." Desbordamiento de entero en la función REPT en Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office SharePoint Server 2007 Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac, permite a atacantes remotos ejecutar código de su elección a través de un archivo Excel con una fórmula dentro de una celda. También conocida como "Vulnerabilidad de validación de Fórmula". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, or open a malicious file. The specific flaw exists when parsing Microsoft Excel documents containing a malformed REPT formula embedded inside a cell. • http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/32211 http://www.securityfocus.com/bid/31706 http://www.securitytracker.com/id?1021044 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2808 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 https://exchange.xforce.ibmcloud.com/vulnerabilities/45580 https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 https://oval.cis • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 91%CPEs: 12EXPL: 0

CVE-2008-3471 – Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2008-3471

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability." Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 y SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac no asigna memoria adecuadamente cuando carga objetos Excel durante el análisis del formato de fichero de la hoja de cálculo Excel, lo cual permite a atacantes remotos ejecutar código de su elección a través de ficheros BIFF manipulados, también conocido como "Vulnerabilidad de Análisis de Formato de Fichero". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the victim to open the malformed BIFF (.xls) document. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed record, user-supplied data is copied into a stack-based buffer using a size that is calculated using contents from the record. • http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/32211 http://www.securityfocus.com/bid/31705 http://www.securitytracker.com/id?1021044 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2808 http://www.zerodayinitiative.com/advisories/ZDI-08-068 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 https://exchange.xforce.ibmcloud.com/vulnerabilities/45579 https://exchange. • CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 68%CPEs: 10EXPL: 0

CVE-2008-1455

https://notcve.org/view.php?id=CVE-2008-1455

A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability." Un error en el cálculo de memoria en Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, y 2007 incluyendo el SP1; y Compatibility Pack para Word, Excel, and PowerPoint 2007 incluyendo el SP1; y Office 2004 para Mac, permite a atacantes remotos ejecutar código de su elección a través de un archivo PowerPoint con una lista de valores manipulados, lo que lanza una corrupción de memoria. También conocida como "Vulnerabilidad de desbordamiento en validación". • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31453 http://www.securityfocus.com/bid/30579 http://www.securitytracker.com/id?1020676 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2355 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5555 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 96%CPEs: 7EXPL: 0

CVE-2008-3004

https://notcve.org/view.php?id=CVE-2008-3004

Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability." Microsoft Office Excel 2000 SP3, 2002 SP3 y 2003 SP2 y SP3; Office Excel Viewer 2003; y Office 2004 y 2008 para Mac no comprueban apropiadamente los valores de índice para los registros AxesSet al cargar archivos de Excel, lo que permite a atacantes remotos ejecutar código arbitrario por medio de un archivo de Excel creado, también se conoce como "Excel Indexing Validation Vulnerability." • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=740 http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31454 http://www.securityfocus.com/bid/30638 http://www.securitytracker.com/id?1020670 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2347 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043 https://oval.cisecurity.org/repository/search/definition/oval • CWE-20: Improper Input Validation •