Page 3 of 109 results (0.007 seconds)

CVSS: 9.3EPSS: 92%CPEs: 5EXPL: 0

CVE-2011-0103

https://notcve.org/view.php?id=CVE-2011-0103

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability." Microsoft Excel 2002 SP3 y 2003 SP3, Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de información manipulada del registro en un archivo Excel, también conocido como "Excel Memory Corruption Vulnerability." • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=901 http://osvdb.org/71760 http://secunia.com/advisories/39122 http://www.securityfocus.com/bid/47244 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12616 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 96%CPEs: 5EXPL: 2

CVE-2011-0104 – Microsoft Excel - Remote Buffer Overflow

https://notcve.org/view.php?id=CVE-2011-0104

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability." Excel 2002 SP3 y 2003 SP3, Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac, de Microsoft, permiten a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de un registro HLink en un archivo Excel, también se conoce como "Excel Buffer Overwrite Vulnerability." • https://www.exploit-db.com/exploits/35573 https://github.com/Sunqiz/CVE-2011-0104-reproduction http://osvdb.org/71761 http://secunia.com/advisories/39122 http://www.checkpoint.com/defense/advisories/public/2011/cpai-31-Mard.html http://www.securityfocus.com/bid/47245 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 https://docs.microsoft.com/en-us/security-updates/securitybulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 95%CPEs: 1EXPL: 0

CVE-2011-0101 – Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-0101

Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability." Microsoft Excel 2002 SP3 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un registro RealTimeData manipulado relacionado con un campo stTopic, caracteres de bytes dobles y un cálculo incorrecto de puntero. Esta vulnerabilidad también es conocida como "Excel Record Parsing WriteAV Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the methods used for RealTimeData Record Parsing. • http://osvdb.org/71766 http://secunia.com/advisories/39122 http://www.securityfocus.com/archive/1/517463/100/0/threaded http://www.securityfocus.com/bid/47243 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 http://www.zerodayinitiative.com/advisories/ZDI-11-120 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 96%CPEs: 4EXPL: 2

CVE-2011-0105 – Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-0105

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability." Microsoft Excel 2002 Service Pack 3, Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac obtiene un valor de cierta longitud de una posición de memoria sin inicializar, lo que permite a atacantes remotos provocar un desbordamiento de búfer y ejecutar código arbitrario mediante un archivo de Excel manipulado, también conocida como " vulnerabilidad inicialización de datos en Excel." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's parsing of a particular record within a Microsoft Excel Compound Document. When specifying a particular value, the application will fail to initialize a variable that is used as the length of a memcpy operation. • https://www.exploit-db.com/exploits/18087 http://secunia.com/advisories/39122 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12618 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 88%CPEs: 11EXPL: 0

CVE-2011-0979 – Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-0979

Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability." Excel 2002 SP3, 2003 SP3, 2007 SP2 y 2010; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; y Excel Viewer SP2 de Microsoft, no maneja apropiadamente los errores durante el análisis de registros Art de Office en hojas de cálculo de Excel, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de un registro de objeto malformado, relacionado con una "stray reference", también se conoce como "Excel Linked List Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the application parses an Office Art record within a Microsoft Excel Document. Specifically, when parsing an office art object record, if an error occurs, the application will add a stray reference to an element which is part of a linked list. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft http://osvdb.org/70904 http://secunia.com/advisories/39122 http://secunia.com/advisories/43231 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 http://zerodayinitiative.com/advisories/ZDI-11-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository&#x • CWE-20: Improper Input Validation •