Page 22 of 132 results (0.010 seconds)

CVSS: 9.3EPSS: 79%CPEs: 8EXPL: 0

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow. Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office XP y Office 2003 permite a un atacante remoto con la intervención del usuario ejecutar código de su elección a través de un archivo PPT artesanal, según lo explotado por el malware como por ejemploExploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, y Exploit-PPT.d/Trojan.PPDropper.F. • http://secunia.com/advisories/22127 http://securitytracker.com/id?1016937 http://vil.nai.com/vil/content/v_140666.htm http://www.avertlabs.com/research/blog/?p=95 http://www.kb.cert.org/vuls/id/231204 http://www.microsoft.com/technet/security/advisory/925984.mspx http://www.osvdb.org/29259 http://www.securityfocus.com/archive/1/447831/100/0/threaded http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20226 http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 96%CPEs: 7EXPL: 1

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. Desbordamiento de búfer basado en montón en Microsoft Publisher 2000 hasta 2003, permite a los atacantes con la complicidad del usuario ejecutar código de su elección a través de un fichero PUB artesanal, el cual provoca un desbordamiento cuando analiza sintacticamente las fuentes. • http://secunia.com/advisories/21863 http://securityreason.com/securityalert/1548 http://securitytracker.com/id?1016825 http://www.computerterrorism.com/research/ct12-09-2006-2.htm http://www.kb.cert.org/vuls/id/406236 http://www.securityfocus.com/archive/1/445824/100/0/threaded http://www.securityfocus.com/archive/1/446630/100/100/threaded http://www.securityfocus.com/bid/19951 http://www.us-cert.gov/cas/techalerts/TA06-255A.html http://www.vupen.com/english/advisories&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 94%CPEs: 4EXPL: 0

Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. Desbordamiento de búfer en GIFIMP32.FLT, usado por Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, y otros productos, permite ataques asistidos por usuario para ejecutar código de su elección mediante una imagen GIF especialmente modificada para provocar la corrupción de la memoria cuando es analizada sintácticamente. • http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0005.html http://secunia.com/advisories/21013 http://securitytracker.com/id?1016470 http://www.kb.cert.org/vuls/id/668564 http://www.osvdb.org/27146 http://www.securityfocus.com/archive/1/439887/100/0/threaded http://www.securityfocus.com/bid/18915 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2757 https://docs.microsoft.com/en-us/security-updates/securitybull • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 81%CPEs: 4EXPL: 0

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed. Vulnerabilidad no especificada en Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2000 SP3 y otros productos, permite a atacantes con la ayuda del usuario ejecutar código de su elección a través de una imagen PNG manipulada que induce una corrupción de memoria cuando se analiza sintácticamente. • http://secunia.com/advisories/21013 http://securitytracker.com/id?1016470 http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-22.html http://www.kb.cert.org/vuls/id/459388 http://www.osvdb.org/27147 http://www.securityfocus.com/bid/18913 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2757 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-039 https://oval.cisecurity.org/repository/search •

CVSS: 9.3EPSS: 90%CPEs: 4EXPL: 0

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. Vulnerabilidad sin especificar en Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2000 SP3 y otros productos, permite a atacantes ayudados por el usuario ejecutar código de su elección a través de un archivo Office con una cadena mal formada que dispara una corrupción de memoria relacionada con longitudes de archivo, también conocido como "Microsoft Office Parsing Vulnerability (Vulnerabilidad de Análisis Sintáctico de Microsoft Office)", una vulnerabilidad distinta de CVE-2006-2389. • http://secunia.com/advisories/21012 http://securitytracker.com/id?1016469 http://www.kb.cert.org/vuls/id/580036 http://www.osvdb.org/27148 http://www.securityfocus.com/bid/18912 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2756 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/27607 https://oval.cisecurity.org/repository/search/definition/ov • CWE-94: Improper Control of Generation of Code ('Code Injection') •