CVE-2007-0671
https://notcve.org/view.php?id=CVE-2007-0671
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de vectores de ataque desconocidos, como es demostrado por el archivo Exploit-MSExcel.h en ataques de día cero dirigidos. • http://osvdb.org/31901 http://secunia.com/advisories/24008 http://securitytracker.com/id?1017584 http://vil.nai.com/vil/content/v_141393.htm http://www.avertlabs.com/research/blog/?p=191 http://www.kb.cert.org/vuls/id/613740 http://www.microsoft.com/technet/security/advisory/932553.mspx http://www.securityfocus.com/bid/22383 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0463 https://docs.microsoft.com •
CVE-2006-5296 – Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-5296
PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous. PowerPoint en Microsoft Office 2003 no maneja adecuadamente un objeto contenedor cuyo valor de posición excede la longitud del registro, lo cual permite a usuarios autenticados remotamente provocar una denegación de servicio (referencia NULL y caída de aplicación) mediante un archivo PowerPoint (.PPT) manipulado, como ha demostrado Nanika.ppt. Es una vulnerabilidad diferente de CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, y CVE-2006-4694. NOTA: el impacto de este problema fue originalmente clasificado como ejecución de código arbitrario, pero un análisis posterior ha demostrado que esta afirmación era errónea. • https://www.exploit-db.com/exploits/2523 http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx http://research.eeye.com/html/alerts/zeroday/20061012_2.html http://secunia.com/advisories/22394 http://securitytracker.com/id?1017059 http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553 h •
CVE-2006-3877
https://notcve.org/view.php?id=CVE-2006-3877
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervención del usuario ejecutar código de su elección mediante un "fichero artesanal" no especificado, una vulnerabilidad diferente que CVE-2006-3435, CVE-2006-4694, y CVE-2006-3876. • http://securitytracker.com/id?1017030 http://www.kb.cert.org/vuls/id/205948 http://www.osvdb.org/29448 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20325 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2006/3977 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015 https& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-3449
https://notcve.org/view.php?id=CVE-2006-3449
Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability." Vulnerabilidad no especificada en Microsoft PowerPoint 2000 hasta 2003, posiblemenet un desbordamiento de búfer, permite a atacantes remotos con intervención del usuario ejecutar comandos de su elección mediante un registro mal formado en el formato de archivo BIFF utilizado en un archivo PPT, un problema distinto de CVE-2006-1540, también conocido como "Vulnerabilidad de Registro Mal Formado de Microsoft PowerPoint" ("Microsoft PowerPoint Malformed Record Vulnerability"). • http://securityreason.com/securityalert/1342 http://securitytracker.com/id?1016657 http://secway.org/advisory/AD20060808.txt http://www.kb.cert.org/vuls/id/884252 http://www.securityfocus.com/archive/1/442592/100/0/threaded http://www.securityfocus.com/bid/19341 http://www.us-cert.gov/cas/techalerts/TA06-220A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3 •
CVE-2006-3655 – Microsoft PowerPoint 2003 - 'mso.dll' '.PPT' Processing Code Execution
https://notcve.org/view.php?id=CVE-2006-3655
Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different. Vulnerabilidad no especificada en mso.dll en Microsoft PowerPoint 2003 permite a atacantes con la intervención del usuario ejecutar código de su elección a través de un archivo PowerPoint manipulado. NOTA: Debido a la falta de detalles disponibles en fecha 20060717, es confuso cómo esto se relaciona con CVE-2006-3656, CVE-2006-3660, y CVE-2006-3590, aunque es posible que sean todos diferentes. • https://www.exploit-db.com/exploits/28224 http://secunia.com/advisories/21061 http://www.osvdb.org/27325 http://www.securityfocus.com/archive/1/440107/100/0/threaded http://www.securityfocus.com/archive/1/440370/100/0/threaded http://www.securityfocus.com/archive/1/440867/100/0/threaded http://www.securityfocus.com/bid/18993 http://www.vupen.com/english/advisories/2006/2815 https://exchange.xforce.ibmcloud.com/vulnerabilities/27781 •