CVSS: 8.8EPSS: 64%CPEs: 10EXPL: 0CVE-2008-4256
https://notcve.org/view.php?id=CVE-2008-4256
10 Dec 2008 — The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." El control ActiveX Charts en Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 y 2003 SP1, y V... • http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 53%CPEs: 10EXPL: 2CVE-2008-4255 – Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4255
09 Dec 2008 — Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." Un desbordamie... • https://www.exploit-db.com/exploits/7431 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 59%CPEs: 3EXPL: 0CVE-2008-1088
https://notcve.org/view.php?id=CVE-2008-1088
08 Apr 2008 — Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations." Microsoft Project 2000 Service Release 1, 2002 SP1, y 2003 SP2, permite a atacantes remotos con la ayuda del usuario local ejecutar código de su elección a través de un fichero Project manipulado. Relacionado con la no correcta validación de "ubicación de recursos de memoria". • http://marc.info/?l=bugtraq&m=120845064910729&w=2 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 62%CPEs: 36EXPL: 0CVE-2007-0671
https://notcve.org/view.php?id=CVE-2007-0671
03 Feb 2007 — Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de vectores de ataque descon... • http://osvdb.org/31901 •
CVSS: 9.3EPSS: 45%CPEs: 9EXPL: 0CVE-2006-3864
https://notcve.org/view.php?id=CVE-2006-3864
10 Oct 2006 — Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868. Vulnerabilidad no especificada en el mso.dll de Microsoft Office 2000, ... • http://secunia.com/advisories/22339 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 36%CPEs: 35EXPL: 0CVE-2006-3877
https://notcve.org/view.php?id=CVE-2006-3877
10 Oct 2006 — Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervención del usuario ejecutar có... • http://securitytracker.com/id?1017030 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 42%CPEs: 41EXPL: 3CVE-2005-2127 – Microsoft Visual Studio .NET - 'msdds.dll' Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-2127
19 Aug 2005 — Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrat... • https://www.exploit-db.com/exploits/26167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 37%CPEs: 22EXPL: 0CVE-2004-0848
https://notcve.org/view.php?id=CVE-2004-0848
08 Feb 2005 — Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. • http://www.kb.cert.org/vuls/id/416001 •
CVSS: 9.3EPSS: 75%CPEs: 43EXPL: 6CVE-2004-0200 – Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)
https://notcve.org/view.php?id=CVE-2004-0200
17 Sep 2004 — Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. Desbordamiento de búfer en el motor de proceso de JPEG (JPG) en GDIPlus.dll, usado en varios productos de Microsoft, permite a atacantes remotos ejecutar código de su elección mediante un campo de longitud ... • https://www.exploit-db.com/exploits/474 •
CVSS: 10.0EPSS: 74%CPEs: 13EXPL: 2CVE-2003-0347 – Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 - Document Handling Buffer Overrun
https://notcve.org/view.php?id=CVE-2003-0347
04 Sep 2003 — Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter. • https://www.exploit-db.com/exploits/23094 •