CVSS: 9.3EPSS: 53%CPEs: 10EXPL: 2CVE-2008-4255 – Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4255
09 Dec 2008 — Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." Un desbordamie... • https://www.exploit-db.com/exploits/7431 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 81%CPEs: 7EXPL: 4CVE-2008-3704 – Microsoft Visual Studio - 'Msmask32.ocx' ActiveX Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-3704
18 Aug 2008 — Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability... • https://www.exploit-db.com/exploits/6244 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 34%CPEs: 1EXPL: 2CVE-2008-2959 – Visual Basic Enterprise Edition SP6 - 'vb6skit.dll' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-2959
02 Jul 2008 — Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function. Desbordamiento de búfer en un determinado control ActiveX (vb6skit.dll) de Microsoft Visual Basic Enterprise Edition 6.0 SP6 puede permitir a atacantes remotos ejecutar código de su elección a través de un argumento lpstrLinkPath largo de la función fCreateShellLink. • https://www.exploit-db.com/exploits/5851 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 52%CPEs: 7EXPL: 0CVE-2007-0065
https://notcve.org/view.php?id=CVE-2007-0065
12 Feb 2008 — Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. Búfer overflow basado en montículo en el objeto OLE (Object Linking and Embedding)Automation en Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Vista, Office 2004 para Mac, y Visual basic 6.0 SP6, permite a atacantes remotos ejecutar códi... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 53%CPEs: 1EXPL: 2CVE-2008-0392 – Microsoft Visual Basic Enterprise 6 SP6 - '.dsr' File Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0392
23 Jan 2008 — Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line. Múltiples desbordamientos de búfer en Microsoft Visual Basic Enterprise Edition 6.0 SP6 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través del código de un archivo .dsr con una línea de longitud (1) ConnectionName o (2) CommandName. • https://www.exploit-db.com/exploits/4938 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 81%CPEs: 2EXPL: 3CVE-2007-4776 – Microsoft Visual Basic - '.VBP' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4776
10 Sep 2007 — Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability. Desbordamiento de búfer en Microsoft Visual Basic versión 6.0 y Enterprise Edition versión 6.0 SP6, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por med... • https://www.exploit-db.com/exploits/16680 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 63%CPEs: 6EXPL: 0CVE-2007-2224
https://notcve.org/view.php?id=CVE-2007-2224
14 Aug 2007 — Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow. En Object linking and embedding (OLE) Automation, tal como se usa en Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Office 2004 para Mac y Visual Basic versión 6.0 permite ... • http://secunia.com/advisories/26449 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 56%CPEs: 1EXPL: 4CVE-2007-2884 – Microsoft Visual Basic 6.0 Project - Company Name Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-2884
30 May 2007 — Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field. Múltiples desbordamientos de búfer en Microsoft Visual Basic 6 permite a atacantes remotos cno la intervención del usuario provocar una denegación de servicio (agotamiento de CPU) o ejecutar código de su elección mediante ... • https://www.exploit-db.com/exploits/3976 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 19%CPEs: 1EXPL: 1CVE-2006-4732
https://notcve.org/view.php?id=CVE-2006-4732
13 Sep 2006 — Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object. Vulnerabilidad no especificada en Microsoft Visual Basic (VB) 6 tiene impacto desconocido ("desbordamiento") mediante un proyecto que contiene cierto procedimiento de eventos Click, como se ha demostrado usando la función msgbox y el objeto VB.Label. • http://securityreason.com/securityalert/1547 •
CVSS: 7.8EPSS: 46%CPEs: 4EXPL: 0CVE-2006-3649
https://notcve.org/view.php?id=CVE-2006-3649
09 Aug 2006 — Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents. Desbordamiento de búfer en Microsoft Visual Basic para Aplicaciones (VBA) SDK 6.0 hasta 6.4, como se usa en... • http://secunia.com/advisories/21408 •