Page 2 of 21 results (0.012 seconds)

CVSS: 9.3EPSS: 67%CPEs: 13EXPL: 0

CVE-2006-3434

https://notcve.org/view.php?id=CVE-2006-3434

Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption. Vulnerabilidad no especificada en Microsoft Office 2000, XP, 2003, 2004 para Mac, y v.X para Mac permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante una cadena artesanal que dispara una corrupción de memoria. • http://secunia.com/advisories/22339 http://securitytracker.com/id?1017034 http://www.kb.cert.org/vuls/id/234900 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20382 http://www.vupen.com/english/advisories/2006/3981 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A389 •

CVSS: 9.3EPSS: 8%CPEs: 16EXPL: 0

CVE-2006-3647

https://notcve.org/view.php?id=CVE-2006-3647

Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693. Desbordamiento de entero en Microsoft Word 2000, 2002, 2003, 2004 para Mac, y v.X para Mac permite a usuarios remotos con la complicidad del usuario ejecutar código de su elección mediante una cadena artesanal en un fichero Word, lo que desborda la longitud del valor de un entero de 16-bit, también conocido como "Memmove Code Execution", una vulnerabilidad diferente que CVE-2006-3651 y CVE-2006-4693. • http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0211.html http://securitytracker.com/id?1017032 http://www.osvdb.org/29440 http://www.securityfocus.com/archive/1/448417/100/0/threaded http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20341 http://www.vupen.com/english/advisories/2006/3979 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060 https://oval.cisecurity.org/repository/search/definition • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 83%CPEs: 9EXPL: 0

CVE-2006-3864

https://notcve.org/view.php?id=CVE-2006-3864

Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868. Vulnerabilidad no especificada en el mso.dll de Microsoft Office 2000, XP y 2003 y para el Microsoft PowerPoint 2000, XP y 2003, permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un registro mal formado en ficheros (1) .DOC, (2) .PPT o (3) .XLS lo que dispara una corrupción de memoria relacionado con "la condición de límite del array" (posiblemente un desbordamiento del índice del array), una vulnerabilidad diferente que CVE-2006-3434, CVE-2006-3650, y CVE-2006-3868. • http://secunia.com/advisories/22339 http://securitytracker.com/id?1017034 http://secway.org/advisory/AD20061010.txt http://support.microsoft.com/kb/922581 http://www.kb.cert.org/vuls/id/176556 http://www.osvdb.org/29429 http://www.securityfocus.com/archive/1/448268/100/0/threaded http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20384 http://www.vupen.com/english/advisories/2006/3981 https://docs.microsoft.com/en-us& • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 16%CPEs: 2EXPL: 0

CVE-2006-4693

https://notcve.org/view.php?id=CVE-2006-4693

Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651. Vulnerabilidad no especificada en Microsoft Word 2004 para Mac y v.X para Mac permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante una cadena artesanal en un fichero Word, un asunto diferente que CVE-2006-3647 y CVE-2006-3651. • http://securitytracker.com/id?1017032 http://www.osvdb.org/29442 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20387 http://www.vupen.com/english/advisories/2006/3979 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060 •

CVSS: 5.1EPSS: 70%CPEs: 17EXPL: 0

CVE-2006-2387 – Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability

https://notcve.org/view.php?id=CVE-2006-2387

Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875. Vulnerabilidad no especificada en Microsoft Excel 2000, 2002, 2003, 2004 para Mac, v.X para Mac, Excel Viewer 2003, y Microsoft Works Suite 2004 hasta la 2006 permite a atacantes con la complicidad del usuario ejecutar código de su elección mediante un registro DATETIME artesanal en un fichero XLS, una vulnerabilidad diferente que CVE-2006-3867 y CVE-2006-3875. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target user into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of malformed DATETIME records, user-supplied data may be insecurely referenced thereby leading to the eventual execution of arbitrary code. • http://securitytracker.com/id?1017031 http://www.kb.cert.org/vuls/id/706668 http://www.securityfocus.com/archive/1/448147/100/0/threaded http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20344 http://www.vupen.com/english/advisories/2006/3978 http://www.zerodayinitiative.com/advisories/ZDI-06-033.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059 https://oval.cisecurity.org/repository/search/definit •