CVSS: 9.3EPSS: 76%CPEs: 12EXPL: 1CVE-2008-0117 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0117
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 y 2002 SP2, y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante valores de formateo condicional (conditional formatting values), también conocido como "Vulnerabilidad Excel de formateo condicional". • https://www.exploit-db.com/exploits/5287 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/bid/28170 http://www.securitytracker.com/id?1019587 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5508 •
CVSS: 9.3EPSS: 90%CPEs: 26EXPL: 1CVE-2007-2223 – Microsoft Internet Explorer substringData Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2223
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. Microsoft XML Core Services (MSXML) versión 3.0 hasta 6.0 permite a los atacantes remotos ejecutar código arbitrario por medio del método substringData en un objeto (1) TextNode o (2) XMLDOM, lo que provoca un desbordamiento de enteros que conduce a un desbordamiento de búfer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method available on the TextNode JavaScript object. When specific parameters are passed to the method, an integer overflow occurs causing incorrect memory allocation. If this event occurs after a different ActiveX object has been instantiated, an exploitable condition is created when the ActiveX object is deallocated which can result in the execution of arbitrary code. • https://www.exploit-db.com/exploits/30493 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576 http://secunia.com/advisories/26447 http://www.kb.cert.org/vuls/id/361968 http://www.securityfocus.com/archive/1/476527/100/0/threaded http://www.securityfocus.com/archive/1/476747/100/0/threaded http://www.securityfocus.com/bid/25301 http://www.securitytracker.com/id?1018559 http://www.vupen.com/english/advisories/2007/2866 http://www.zerodayinitiative.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2007-1911 – Microsoft Word 2007 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1911
Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow. Múltiples vulnerabilidades no especificadas en Microsoft Word 2007 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante documentos manipulados de forma manual, como ha sido demostrado por (1) file798-1.doc y (2) file613-1.doc, posiblemente relacionado con un desbordamiento de búfer. • https://www.exploit-db.com/exploits/3690 •
CVSS: 6.8EPSS: 88%CPEs: 1EXPL: 2CVE-2007-1910 – Microsoft Word 2007 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1910
Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc. Desbordamiento de búfer en wwlib.dll en Microsoft Word 2007 permite a atacantes remotos provocar denegación de servicio (caida de aplicación) y posiblemente ejecutar código de su elección a través de documentos manipulados como se demostró con file789-1.doc. • https://www.exploit-db.com/exploits/3690 http://www.securityfocus.com/bid/23380 http://www.securitytracker.com/id?1017902 •