Page 3 of 60 results (0.005 seconds)

CVSS: 9.3EPSS: 94%CPEs: 16EXPL: 0

Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability." Desbordamiento de búfer basado en pila en Excel en Microsoft Office 2000 SP3 y Office XP SP3, permite a atacantes remotos ejecutar código de su elección a través de un archivo Excel con un objeto de registro mal formado, también conocido como "Vulnerabilidad String Copy Stack-Based Overrun". • http://www.securityfocus.com/bid/35243 http://www.securitytracker.com/id?1022351 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1540 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 92%CPEs: 16EXPL: 0

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability." Excel en Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, y Office 2004 y 2008 para Mac; Excel en 2007 Microsoft Office System SP1 y SP2; Open XML File Format Converter para Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2 permite a atacantes remotos ejecutar código de su elección a través de un archivo Excel manipulado con un objeto record mal formado, también conocido como "Vulnerabilidad de corrupción de memoria en la limpieza de campos". • http://osvdb.org/54956 http://www.securityfocus.com/bid/35244 http://www.securitytracker.com/id?1022351 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1540 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 87%CPEs: 16EXPL: 0

Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability." Un desbordamiento enteros en Excel en Office 2000 SP3, Office XP SP3, Office 2003 SP3 y Office 2004 y 2008 para Mac de Microsoft; Excel en 2007 Office System SP1 y SP2 de Microsoft; Open XML File Format Converter para Mac; Office Excel Viewer 2003 SP3 de Microsoft; Office Excel Viewer de Microsoft; Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft; y Office SharePoint Server 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de Excel con un registro de tabla de cadenas compartidas (SST) con un campo numérico que especifica un número no válido de cadenas únicas, lo que desencadena un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Record Integer Overflow Vulnerability". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805 http://osvdb.org/54957 http://secunia.com/secunia_research/2009-12 http://www.securityfocus.com/archive/1/504190/100/0/threaded http://www.securityfocus.com/bid/35245 http://www.securitytracker.com/id?1022351 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1540 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 https://ov • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 88%CPEs: 12EXPL: 2

Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability." Desbordamiento de búfer en Microsoft Office Word 2000 SP3, 2002 SP3, y 2007 SP1 y SP2; Microsoft Office para Mac 2004 y 2008; Conversor de formato de archivo Open XML para Mac; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, permite a los atacantes remotos ejecutar arbitrariamente código a través de un documento Word con un registro malformado que lanza una corrupción de memoria, también conocido como "Vulnerabilidad de desbordamiento de búfer Word" • https://www.exploit-db.com/exploits/14693 https://www.exploit-db.com/exploits/17177 http://osvdb.org/54960 http://securityreason.com/securityalert/8206 http://www.securityfocus.com/bid/35190 http://www.securitytracker.com/id?1022356 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1546 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027 https://oval.cisecurity.org/repository/search/definition/oval%3A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 74%CPEs: 16EXPL: 0

Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability." Excel en 2007 Office System SP1 y SP2 de Microsoft; Office Excel Viewer de Microsoft; y Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo BIFF con un objeto de registro Qsir (0x806) malformado, también se conoce como "Record Pointer Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires user interaction in that a victim must open a malicious XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. When Excel 2007 encounters a malformed Qsir record (0x806) user data is improperly handled leading to potential code execution. • http://osvdb.org/54958 http://www.securityfocus.com/archive/1/504213/100/0/threaded http://www.securityfocus.com/bid/35246 http://www.securitytracker.com/id?1022351 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1540 http://www.zerodayinitiative.com/advisories/ZDI-09-040 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-94: Improper Control of Generation of Code ('Code Injection') •