CVE-2009-0561
https://notcve.org/view.php?id=CVE-2009-0561
Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability." Un desbordamiento enteros en Excel en Office 2000 SP3, Office XP SP3, Office 2003 SP3 y Office 2004 y 2008 para Mac de Microsoft; Excel en 2007 Office System SP1 y SP2 de Microsoft; Open XML File Format Converter para Mac; Office Excel Viewer 2003 SP3 de Microsoft; Office Excel Viewer de Microsoft; Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft; y Office SharePoint Server 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de Excel con un registro de tabla de cadenas compartidas (SST) con un campo numérico que especifica un número no válido de cadenas únicas, lo que desencadena un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Record Integer Overflow Vulnerability". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805 http://osvdb.org/54957 http://secunia.com/secunia_research/2009-12 http://www.securityfocus.com/archive/1/504190/100/0/threaded http://www.securityfocus.com/bid/35245 http://www.securitytracker.com/id?1022351 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1540 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 https://ov • CWE-189: Numeric Errors •
CVE-2009-1134 – Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1134
Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability." Excel en 2007 Office System SP1 y SP2 de Microsoft; Office Excel Viewer de Microsoft; y Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo BIFF con un objeto de registro Qsir (0x806) malformado, también se conoce como "Record Pointer Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires user interaction in that a victim must open a malicious XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. When Excel 2007 encounters a malformed Qsir record (0x806) user data is improperly handled leading to potential code execution. • http://osvdb.org/54958 http://www.securityfocus.com/archive/1/504213/100/0/threaded http://www.securityfocus.com/bid/35246 http://www.securitytracker.com/id?1022351 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1540 http://www.zerodayinitiative.com/advisories/ZDI-09-040 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-4032
https://notcve.org/view.php?id=CVE-2008-4032
Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." Microsoft Office SharePoint Server 2007 Gold y SP1 y Microsoft Search Server 2008 no realizan apropiadamente la autenticación y autorización de funciones administrativas, lo que permite a atacantes remotos provocar una denegación de servicio (server load), obtener información sensible y "crear scripts que podrían ejecutarse en el contexto del sitio" mediante peticiones a URIs de administración, alias "Vulnerabilidad de Control de Acceso". • http://secunia.com/advisories/33063 http://www.securitytracker.com/id?1021367 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3389 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774 • CWE-287: Improper Authentication •
CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expression Web, Office, Internet Explorer y otros productos; permite a atacantes remotos obtener información sensible de otro dominio y corromper el estado de la sesión a través de solicitudes de campos de cabecera HTTP, como se ha demostrado con el campo Transfer-Encoding. También se conoce como "Vulnerabilidad de la solicitud de la cabecera MSXML". • https://www.exploit-db.com/exploits/7196 http://marc.info/?l=bugtraq&m=122703006921213&w=2 http://securitytracker.com/id?1021164 http://www.securityfocus.com/bid/32204 http://www.us-cert.gov/cas/techalerts/TA08-316A.html http://www.vupen.com/english/advisories/2008/3111 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4019 – Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4019
Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." Desbordamiento de entero en la función REPT en Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office SharePoint Server 2007 Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac, permite a atacantes remotos ejecutar código de su elección a través de un archivo Excel con una fórmula dentro de una celda. También conocida como "Vulnerabilidad de validación de Fórmula". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, or open a malicious file. The specific flaw exists when parsing Microsoft Excel documents containing a malformed REPT formula embedded inside a cell. • http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/32211 http://www.securityfocus.com/bid/31706 http://www.securitytracker.com/id?1021044 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2808 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 https://exchange.xforce.ibmcloud.com/vulnerabilities/45580 https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 https://oval.cis • CWE-190: Integer Overflow or Wraparound •