CVE-2004-0200 – Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)
https://notcve.org/view.php?id=CVE-2004-0200
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. Desbordamiento de búfer en el motor de proceso de JPEG (JPG) en GDIPlus.dll, usado en varios productos de Microsoft, permite a atacantes remotos ejecutar código de su elección mediante un campo de longitud JPEG COM pequeño que es normalizado a una longitud de entero grande antes de una operación de copia de memoria. • https://www.exploit-db.com/exploits/474 https://www.exploit-db.com/exploits/556 https://www.exploit-db.com/exploits/475 https://www.exploit-db.com/exploits/478 https://www.exploit-db.com/exploits/472 https://www.exploit-db.com/exploits/480 http://marc.info/?l=bugtraq&m=109524346729948&w=2 http://www.kb.cert.org/vuls/id/297462 http://www.us-cert.gov/cas/techalerts/TA04-260A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms •
CVE-2002-0152
https://notcve.org/view.php?id=CVE-2002-0152
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh. Desbordamiento de buffer en varias aplicaciones de Microsoft para Macintosht permite a atacantes remotos causar una denegación de servicio (caída) o ejecutar código arbitrario invocando la directiva file:// con un número grande de caracteres /. • http://marc.info/?l=bugtraq&m=101897994314015&w=2 http://www.iss.net/security_center/static/8850.php http://www.osvdb.org/5357 http://www.securityfocus.com/bid/4517 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 •
CVE-2001-0718
https://notcve.org/view.php?id=CVE-2001-0718
Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document. • http://online.securityfocus.com/archive/1/218802 http://www.cert.org/advisories/CA-2001-28.html http://www.kb.cert.org/vuls/id/287067 http://www.securityfocus.com/bid/3402 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/7223 •
CVE-2001-0005
https://notcve.org/view.php?id=CVE-2001-0005
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands. • http://www.atstake.com/research/advisories/2001/a012301-1.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/5996 •
CVE-2000-0765
https://notcve.org/view.php?id=CVE-2000-0765
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability. • http://www.securityfocus.com/bid/1561 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-056 •