CVSS: 9.3EPSS: 66%CPEs: 19EXPL: 0CVE-2008-4031
https://notcve.org/view.php?id=CVE-2008-4031
10 Dec 2008 — Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Par... • http://www.securitytracker.com/id?1021370 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 70%CPEs: 19EXPL: 0CVE-2008-4837 – Microsoft Office Word Document Table Property Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4837
09 Dec 2008 — Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." Desbordamiento de búfer en la región stack de la memoria en Micros... • http://www.securityfocus.com/archive/1/499064/100/0/threaded • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 64%CPEs: 19EXPL: 0CVE-2008-4027 – Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-4027
09 Dec 2008 — Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "W... • http://www.securityfocus.com/archive/1/499062/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 68%CPEs: 19EXPL: 0CVE-2008-4028 – Microsoft Office RTF Drawing Object Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4028
09 Dec 2008 — Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and ... • http://www.securityfocus.com/archive/1/499063/100/0/threaded • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 76%CPEs: 22EXPL: 1CVE-2007-5348 – Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
https://notcve.org/view.php?id=CVE-2007-5348
10 Sep 2008 — Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted ... • https://www.exploit-db.com/exploits/6619 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 70%CPEs: 22EXPL: 0CVE-2008-3012
https://notcve.org/view.php?id=CVE-2008-3012
10 Sep 2008 — gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute ... • http://marc.info/?l=bugtraq&m=122235754013992&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 71%CPEs: 22EXPL: 0CVE-2008-3014
https://notcve.org/view.php?id=CVE-2008-3014
10 Sep 2008 — Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed W... • http://marc.info/?l=bugtraq&m=122235754013992&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 74%CPEs: 20EXPL: 1CVE-2008-3013 – Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-3013
09 Sep 2008 — gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file conta... • https://www.exploit-db.com/exploits/6716 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 71%CPEs: 14EXPL: 2CVE-2008-3015 – Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-3015
09 Sep 2008 — Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vuln... • http://marc.info/?l=bugtraq&m=122235754013992&w=2 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 50%CPEs: 4EXPL: 0CVE-2008-3018
https://notcve.org/view.php?id=CVE-2008-3018
12 Aug 2008 — Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. Microsoft Office 2000 SP3, XP SP3 y 2003 SP2; Office Converter Pack y Works 8 no analiza sintácticamente correctamente la longitud de un archivo PICT, lo que permite a atacantes remotos ejecutar código de ... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •