CVE-2006-2389 – Microsoft Office 2000/2002 - Property Code Execution
https://notcve.org/view.php?id=CVE-2006-2389
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316. Vulnerabilidad no especificada en Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2000 SP3 y otros productos, permite a atacantes ayudados por el usuario ejecutar código de su elección a través de un archivo Office con una propiedad mal formada que dispara una corrupción de memoria relacionada con longitudes de documentos, también conocido como "Microsoft Office Property Vulnerability (Vulnerabilidad de Propiedad de Microsoft Office)", una vulnerabilidad distinta a CVE-2006-1316. • https://www.exploit-db.com/exploits/28198 http://secunia.com/advisories/21012 http://securitytracker.com/id?1016469 http://www.kb.cert.org/vuls/id/409316 http://www.osvdb.org/27149 http://www.securityfocus.com/bid/18911 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2756 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/27609 https:/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-3493 – Microsoft Word 2000/2003 - Unchecked Boundary Condition
https://notcve.org/view.php?id=CVE-2006-3493
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees. Desbordamiento de búfer en la función LsCreateLine (mso_203) en mso.dll y mso9.dll, tal como se utiliza en Microsoft Word y posiblemente en otros productos en Microsoft Office 2003, 2002 y 2000, permite a atacantes remotos asistidos por usuario provocar una denegación de servicio (caída) a través de un documento Word manipulado u otro tipo de archivo Office. NOTA: este problema fue originalmente reportado para permitir ejecución de código, pero el 10-07-2006 Microsoft declaró que la ejecución de código no es posible y el investigador original está de acuerdo. • https://www.exploit-db.com/exploits/2001 http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047732.html http://marc.info/?l=full-disclosure&m=115231380526820&w=2 http://marc.info/?l=full-disclosure&m=115261598510657&w=2 http://securitytracker.com/id?1016453 http://www.securityfocus.com/archive/1/439649/100/0/threaded http://www.securityfocus.com/archive/1/439878/100/0/threaded http://www.secur •
CVE-2006-2492 – Microsoft Word Malformed Object Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2006-2492
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code. • http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx http://isc.sans.org/diary.php?storyid=1345 http://isc.sans.org/diary.php?storyid=1346 http://secunia.com/advisories/20153 http://securitytracker.com/id?1016130 http://www.kb.cert.org/vuls/id/446012 http://www.microsoft.com/technet/security/advisory/919637.mspx http://www.osvdb.org/25635 http://www.securityfocus.com/bid/18037 http://www.us-cert.gov/cas/techalerts/TA06-139A.html http://www.us- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2006-1540 – Microsoft Office Products - Array Index Bounds Error (PoC)
https://notcve.org/view.php?id=CVE-2006-1540
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string. • https://www.exploit-db.com/exploits/1615 http://secunia.com/advisories/21012 http://securitytracker.com/id?1015855 http://www.kb.cert.org/vuls/id/609868 http://www.osvdb.org/27150 http://www.securityfocus.com/archive/1/439697/100/0/threaded http://www.securityfocus.com/bid/17252 http://www.securityfocus.com/bid/18889 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2756 https://docs.microsoft.com/en-us/sec • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-0030 – Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution
https://notcve.org/view.php?id=CVE-2006-0030
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. • https://www.exploit-db.com/exploits/27055 http://secunia.com/advisories/19138 http://secunia.com/advisories/19238 http://securitytracker.com/id?1015766 http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm http://www.kb.cert.org/vuls/id/123222 http://www.osvdb.org/23901 http://www.securityfocus.com/bid/16181 http://www.us-cert.gov/cas/techalerts/TA06-073A.html http://www.vupen.com/english/advisories/2006/0950 https://docs.microsoft.com/en-us/security- •