CVSS: 9.3EPSS: 84%CPEs: 7EXPL: 1CVE-2008-0116 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0116
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." Microsoft Excel 2000 SP3 hasta 2003 SP2, Viewer 2003, Compatibility Pack y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de etiquetas malformadas en texto enriquecido, también se conoce como "Excel Rich Text Validation Vulnerability." • https://www.exploit-db.com/exploits/5287 http://dvlabs.tippingpoint.com/advisory/TPTI-08-03 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/archive/1/489430/100/0/threaded http://www.securityfocus.com/bid/28168 http://www.securitytracker.com/id?1019586 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08- • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 76%CPEs: 12EXPL: 1CVE-2008-0117 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0117
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 y 2002 SP2, y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante valores de formateo condicional (conditional formatting values), también conocido como "Vulnerabilidad Excel de formateo condicional". • https://www.exploit-db.com/exploits/5287 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/bid/28170 http://www.securitytracker.com/id?1019587 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5508 •
CVSS: 9.3EPSS: 71%CPEs: 1EXPL: 1CVE-2008-0113 – Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-0113
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability." Una vulnerabilidad no especificada en Microsoft Office Excel Viewer 2003 hasta SP3, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un documento de Excel con comentarios de celda malformada que desencadenan la corrupción de memoria a partir de un "allocation error," también se conoce como "Microsoft Office Cell Parsing Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of malformed cell comments. When Excel encounters a malformed record it attempts to rebuild the broken meta-data. • https://www.exploit-db.com/exploits/5320 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://secunia.com/advisories/29321 http://www.securityfocus.com/archive/1/489415/100/0/threaded http://www.securitytracker.com/id?1019578 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0848/references http://www.zerodayinitiative.com/advisories/ZDI-08-008 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 83%CPEs: 5EXPL: 1CVE-2008-0081 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0081
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. Una vulnerabilidad no especificada en Microsoft Excel 2000 SP3 hasta 2003 SP2, Viewer 2003 y Office 2004 para Mac, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de macros diseñadas, también se conoce como "VMacro Validation Vulnerability," una vulnerabilidad diferente de CVE-2007-3490. • https://www.exploit-db.com/exploits/5287 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://secunia.com/advisories/28506 http://securitytracker.com/id?1019200 http://www.microsoft.com/technet/security/advisory/947563.mspx http://www.securityfocus.com/bid/27305 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0146 http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security&# • CWE-908: Use of Uninitialized Resource •
CVSS: 7.6EPSS: 70%CPEs: 6EXPL: 0CVE-2007-3030
https://notcve.org/view.php?id=CVE-2007-3030
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability". Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, y 2003 Viewer permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante un archivo Excel mal formado involucrando "indicando el inicio de una designación de Espacio de Trabajo (Workspace)", lo cual resulta en corrupción de memoria, también conocida como "Vulnerabilidad de Corrupción de Memoria del Libro de Trabajo (Workbook)". • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://osvdb.org/35959 http://secunia.com/advisories/25995 http://www.securityfocus.com/bid/24803 http://www.securitytracker.com/id?1018352 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2478 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-036 https://exchange.xforce.ibmcloud.com/vulnerabilities/35217 https://oval.cisecurity.org/repo •