CVE-2010-1249
https://notcve.org/view.php?id=CVE-2010-1249
Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247. Vulnerabilidad no especificada en Microsoft Office Excel 2002 SP3, Office 2004 para Mac, Office 2008 para Mac, y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección a través de un fichero Excel manipulado, conocido como "Vulnerabilidad de corrupción de memoria Excel", una vulnerabilidad diferente que CVE-2010-0823 y CVE-2010-1247. • http://osvdb.org/65232 http://www.securityfocus.com/archive/1/511767/100/0/threaded http://www.securityfocus.com/bid/40527 http://www.us-cert.gov/cas/techalerts/TA10-159B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6634 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-1250
https://notcve.org/view.php?id=CVE-2010-1250
Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability." Vulnerabilidad no especificada en Microsoft Office Excel 2002 SP3, Office 2004 para Mac, Office 2008 para Mac, y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección a través de un fichero Excel debidamente modificado. Esta vulnerabilidad también es conocida como "Vulnerabilidad de corrupción de memoria EDG en Excel". • http://www.securityfocus.com/archive/1/511756/100/0/threaded http://www.securityfocus.com/bid/40528 http://www.us-cert.gov/cas/techalerts/TA10-159B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7593 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-1263
https://notcve.org/view.php?id=CVE-2010-1263
Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability." Vulnerabilidad no especificada en Microsoft Office XP SP3, Office 2003 SP3 y 2007 SP1 y SP2 permite a atacantes remotos ejecutar código de su elección a través de un fichero Office manipulado, relacionado con la instanciación del objeto COM. También se conoce como "Vulnerabilidad de Validación COM". • http://www.securityfocus.com/bid/40574 http://www.securitytracker.com/id?1024555 http://www.us-cert.gov/cas/techalerts/TA10-159B.html http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7286 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-1245 – Microsoft Excel - SxView Record Parsing Heap Memory Corruption
https://notcve.org/view.php?id=CVE-2010-1245
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821. Vulnerabilidad no especificada en Microsoft Office Excel 2002 SP3, Office 2004 para Mac, Office 2008 para Mac, y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección a través de un fichero Excel manipulado, conocido como "Vulnerabilidad de corrupción de registro de memoria Excel", una vulnerabilidad diferente que CVE-2010-0824 y CVE-2010-0821. • https://www.exploit-db.com/exploits/15148 http://www.securityfocus.com/archive/1/511753/100/0/threaded http://www.us-cert.gov/cas/techalerts/TA10-159B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6877 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0821 – Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0821
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245. Vulnerabilidad no especificada en Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 y SP2; Office 2004 para mac; Office 2008 para Mac; Open XML File Format Converter para Mac; Office Excel Viewer SP1 y SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2; permite a atacantse remotos ejecutar código de su elección a través de un fichero Excel manipulado, conocido como "Vulnerabilidad de corrupción de memoria en el parseo de registro Excel", una vulnerabilidad diferente que CVE-2010-0824 y CVE-2010-1245. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists in the parsing of SXVIEW records in an Excel spreadsheet. Due to the lack of checking when parsing structure items for the record it is possible to write arbitrary data to a user controlled address. • http://www.securityfocus.com/archive/1/511729/100/0/threaded http://www.us-cert.gov/cas/techalerts/TA10-159B.html http://www.zerodayinitiative.com/advisories/ZDI-10-104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771 • CWE-94: Improper Control of Generation of Code ('Code Injection') •