Page 24 of 147 results (0.008 seconds)

CVSS: 9.3EPSS: 96%CPEs: 7EXPL: 1

CVE-2006-0001

https://notcve.org/view.php?id=CVE-2006-0001

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. Desbordamiento de búfer basado en montón en Microsoft Publisher 2000 hasta 2003, permite a los atacantes con la complicidad del usuario ejecutar código de su elección a través de un fichero PUB artesanal, el cual provoca un desbordamiento cuando analiza sintacticamente las fuentes. • http://secunia.com/advisories/21863 http://securityreason.com/securityalert/1548 http://securitytracker.com/id?1016825 http://www.computerterrorism.com/research/ct12-09-2006-2.htm http://www.kb.cert.org/vuls/id/406236 http://www.securityfocus.com/archive/1/445824/100/0/threaded http://www.securityfocus.com/archive/1/446630/100/100/threaded http://www.securityfocus.com/bid/19951 http://www.us-cert.gov/cas/techalerts/TA06-255A.html http://www.vupen.com/english/advisories&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 61%CPEs: 14EXPL: 0

CVE-2006-4534

https://notcve.org/view.php?id=CVE-2006-4534

Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo. Vulnerabilidad no especificada en Microsoft Word 2000, 2002 y Office 2003 permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario a través de vectores no especificados involucrando un archivo manipulado que resulta de una pila mal formada, como explotado por malware con nombres que incluyen Trojan.Mdropper.Q, Mofei y Femo. • http://blogs.securiteam.com/?p=586 http://isc.sans.org/diary.php?storyid=1669 http://secunia.com/advisories/21735 http://securitytracker.com/id?1016787 http://support.microsoft.com/kb/925059 http://vil.mcafeesecurity.com/vil/content/v_119055.htm http://www.kb.cert.org/vuls/id/806548 http://www.microsoft.com/technet/security/advisory/925059.mspx http://www.osvdb.org/28539 http://www.securityfocus.com/archive/1/445162/100/100/threaded http://www.securityfocus.com& •

CVSS: 9.3EPSS: 94%CPEs: 4EXPL: 0

CVE-2006-0007

https://notcve.org/view.php?id=CVE-2006-0007

Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. Desbordamiento de búfer en GIFIMP32.FLT, usado por Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, y otros productos, permite ataques asistidos por usuario para ejecutar código de su elección mediante una imagen GIF especialmente modificada para provocar la corrupción de la memoria cuando es analizada sintácticamente. • http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0005.html http://secunia.com/advisories/21013 http://securitytracker.com/id?1016470 http://www.kb.cert.org/vuls/id/668564 http://www.osvdb.org/27146 http://www.securityfocus.com/archive/1/439887/100/0/threaded http://www.securityfocus.com/bid/18915 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2757 https://docs.microsoft.com/en-us/security-updates/securitybull • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 81%CPEs: 4EXPL: 0

CVE-2006-0033

https://notcve.org/view.php?id=CVE-2006-0033

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed. Vulnerabilidad no especificada en Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2000 SP3 y otros productos, permite a atacantes con la ayuda del usuario ejecutar código de su elección a través de una imagen PNG manipulada que induce una corrupción de memoria cuando se analiza sintácticamente. • http://secunia.com/advisories/21013 http://securitytracker.com/id?1016470 http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-22.html http://www.kb.cert.org/vuls/id/459388 http://www.osvdb.org/27147 http://www.securityfocus.com/bid/18913 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2757 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-039 https://oval.cisecurity.org/repository/search •

CVSS: 9.3EPSS: 90%CPEs: 4EXPL: 0

CVE-2006-1316

https://notcve.org/view.php?id=CVE-2006-1316

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. Vulnerabilidad sin especificar en Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2000 SP3 y otros productos, permite a atacantes ayudados por el usuario ejecutar código de su elección a través de un archivo Office con una cadena mal formada que dispara una corrupción de memoria relacionada con longitudes de archivo, también conocido como "Microsoft Office Parsing Vulnerability (Vulnerabilidad de Análisis Sintáctico de Microsoft Office)", una vulnerabilidad distinta de CVE-2006-2389. • http://secunia.com/advisories/21012 http://securitytracker.com/id?1016469 http://www.kb.cert.org/vuls/id/580036 http://www.osvdb.org/27148 http://www.securityfocus.com/bid/18912 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2756 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/27607 https://oval.cisecurity.org/repository/search/definition/ov • CWE-94: Improper Control of Generation of Code ('Code Injection') •