CVSS: 9.3EPSS: 94%CPEs: 8EXPL: 6CVE-2010-3333 – Microsoft Office Stack-based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2010-3333
10 Nov 2010 — Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability." Desbordamiento de búfer basado en pila en Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 y 2008 para Mac, Office para Mac 2011 y Open XML File Format Converter... • https://www.exploit-db.com/exploits/18334 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 64%CPEs: 8EXPL: 0CVE-2010-3334
https://notcve.org/view.php?id=CVE-2010-3334
10 Nov 2010 — Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability." Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 y 2008 para Mac... • http://secunia.com/advisories/38521 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 66%CPEs: 5EXPL: 0CVE-2010-3336
https://notcve.org/view.php?id=CVE-2010-3336
10 Nov 2010 — Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability." Microsoft Office XP SP3, Office 2004 y 2008 para Mac, Office para Mac 2011, y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección a través de un documento Office manipulado que provoca una c... • http://secunia.com/advisories/38521 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 66%CPEs: 8EXPL: 0CVE-2010-3335 – Microsoft Excel MSODrawing Improper Exception Handling Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3335
09 Nov 2010 — Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability." Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 y 2008 para Mac, Office para Mac 2011, y Open XML File Format Converter para Mac permite a atacantes r... • http://secunia.com/advisories/38521 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 28%CPEs: 17EXPL: 1CVE-2010-2738 – Microsoft Unicode Scripts Processor - Remote Code Execution (MS10-063)
https://notcve.org/view.php?id=CVE-2010-2738
15 Sep 2010 — The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." La implementación Uniscribe... • https://www.exploit-db.com/exploits/15158 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 83%CPEs: 8EXPL: 2CVE-2010-0266 – Microsoft Outlook - 'ATTACH_BY_REF_ONLY' File Execution (MS10-045)
https://notcve.org/view.php?id=CVE-2010-0266
14 Jul 2010 — Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability." Microsoft Office Outlook 2002 SP3, 2003 SP3, y 2007 SP1 y SP2 no verifica correctamente adjuntos en correo electrónico con un valor adecuado PR_ATTACH_METHOD de ATTACH_BY_REFERENCE, el cual pe... • https://www.exploit-db.com/exploits/16700 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 48%CPEs: 4EXPL: 0CVE-2010-1263
https://notcve.org/view.php?id=CVE-2010-1263
08 Jun 2010 — Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability." Vulnerabilidad no especificada en Microsoft Office XP SP3, Office 2003 SP3 y 2007 SP1 y SP2 per... • http://www.securityfocus.com/bid/40574 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 59%CPEs: 8EXPL: 0CVE-2010-0815
https://notcve.org/view.php?id=CVE-2010-0815
12 May 2010 — VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability." VBE6.DLL en Microsoft Office XP SP3, Office 2003 SP3, Microsoft Office System 2007 SP1 y SP2, Visual Basic para Aplicaciones (VBA), y VBA S... • http://www.us-cert.gov/cas/techalerts/TA10-131A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 62%CPEs: 3EXPL: 0CVE-2010-0243
https://notcve.org/view.php?id=CVE-2010-0243
10 Feb 2010 — Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow." Desbordamiento del búfer en MSO.DLL en Microsoft Office XP SP3 y Office 2004 para Mac, permite a atacantes remotos ejecutar código de su elección a través de un documento de Office manipulado. También se conoce como "MSO.DLL Buffer Overflow". • http://www.us-cert.gov/cas/techalerts/TA10-040A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 66%CPEs: 61EXPL: 0CVE-2009-3126
https://notcve.org/view.php?id=CVE-2009-3126
14 Oct 2009 — Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-189: Numeric Errors •