Page 20 of 101 results (0.004 seconds)

CVSS: 9.3EPSS: 65%CPEs: 13EXPL: 0

Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability." Desbordamiento de búfer en Microsoft Excel 2000 a 2003 permite a atacantes con la intervención del usuario ejecutar código de su elección mediante un fichero .xls con ciertos campos artesanales en un campo SELECTION, lo que dispara una corrupción de memoria, también conocida como "Vulnerabilidad de registro SELECTION malformado". • http://securityreason.com/securityalert/1238 http://securitytracker.com/id?1016472 http://www.nsfocus.com/english/homepage/research/0605.htm http://www.securityfocus.com/archive/1/439914/100/0/threaded http://www.securityfocus.com/bid/18885 http://www.vupen.com/english/advisories/2006/2755 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A379 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 69%CPEs: 12EXPL: 0

Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation." Desbordamiento de búfer en Microsoft Excel 2000 hasta 2003 permite a atacantes con la intervención del usuario ejecutar código de su elección mediante un fichero .xls con un registro COLINFO artesanal, lo que dispara el desbordamiento durante una "operación de relleno de datos" • http://securitytracker.com/id?1016472 http://www.nsfocus.com/english/homepage/research/0606.htm http://www.securityfocus.com/archive/1/439909/100/0/threaded http://www.securityfocus.com/bid/18888 http://www.vupen.com/english/advisories/2006/2755 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A545 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 66%CPEs: 13EXPL: 0

Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. Vulnerabilidad no especificada en Microsoft Excel 2000 a 2004 permite a atacantes con implicación del usuario ejecutar código de su elección mediante un fichero .xls con un valor FNGROUPCOUNT. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047837.html http://securitytracker.com/id?1016472 http://www.securityfocus.com/bid/18890 http://www.vupen.com/english/advisories/2006/2755 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://exchange.xforce.ibmcloud.com/vulnerabilities/27464 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A243 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 70%CPEs: 13EXPL: 0

Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability." Microsoft Excel 2000 a 2004 permite a atacantes con implicación del usuario ejecutar código de su elección mediante un fichero .xls con un registro BIFF artesanal con un índice de array controlado por el atacante que es usado para un puntero a función, tcc "Vulnerabilidad de registro OBJECT malformado". • http://securitytracker.com/id?1016472 http://secway.org/advisory/AD20060711.txt http://www.securityfocus.com/archive/1/439884/100/0/threaded http://www.securityfocus.com/bid/18886 http://www.vupen.com/english/advisories/2006/2755 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A950 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 79%CPEs: 13EXPL: 0

Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process. Microsoft Office Excel 2000 hasta la versión 2004 permite a atacantes asistidos por el usuario ejecutar código arbitrario a través de comentarios de celdas mal formadas, lo que conduce a modificación de "desplazamiento de datos críticos" durante el proceso de reconstrucción. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the rebuilding of malformed cell comments. When Excel encounters a malformed record it attempts to rebuild the broken meta-data. • http://securitytracker.com/id?1016472 http://www.securityfocus.com/archive/1/439786/100/0/threaded http://www.securityfocus.com/bid/18938 http://www.vupen.com/english/advisories/2006/2755 http://www.zerodayinitiative.com/advisories/ZDI-06-022.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://exchange.xforce.ibmcloud.com/vulnerabilities/27604 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A234 • CWE-94: Improper Control of Generation of Code ('Code Injection') •