Page 4 of 109 results (0.007 seconds)

CVSS: 9.3EPSS: 93%CPEs: 6EXPL: 0

CVE-2011-0980 – Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-0980

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability." Microsoft Office Excel 2003 no parsea correctamente objetos Office Art, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con un puntero a función. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw occurs when parsing a document with a malformed Excel document. When parsing an office art object, the application will add the malformed object to a linked list. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft http://secunia.com/advisories/39122 http://secunia.com/advisories/43210 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 http://zerodayinitiative.com/advisories/ZDI-11-040 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg. • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 93%CPEs: 6EXPL: 1

CVE-2011-0978 – Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-0978

Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability." Desbordamiento de búfer basado en pila en Microsoft Office Excel permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con un registro de propiedades de eje, y el incremento indebido de un índice de matriz. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's usage of a specific field used for incrementing an index used in an array. Due to the application failing to verify the usage of the index into the array, the application will copy the contents of the specified element into a statically sized buffer on the stack. • https://www.exploit-db.com/exploits/17227 http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft http://secunia.com/advisories/39122 http://secunia.com/advisories/43232 http://securityreason.com/securityalert/8231 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 http://zerodayinitiative.com/advisories/ZDI-11-042 https://docs.microsoft.com/en-us/security-updates/securityb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 92%CPEs: 1EXPL: 0

CVE-2010-3230

https://notcve.org/view.php?id=CVE-2010-3230

Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability." Desbordamiento de entero en Microsoft Excel 2002 SP3 permite a los atacantes remotos ejecutar código a su elección a través de documentos Excel con información de registro manipulada, también conocido como "Excel Record Parsing Integer Overflow Vulnerability". • http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7042 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 97%CPEs: 4EXPL: 0

CVE-2010-3231

https://notcve.org/view.php?id=CVE-2010-3231

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability." Microsoft Excel 2002 SP3, Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac no valida correctamente la información de registro, lo cual permite a los atacantes remotos ejecutar código a su elección a través de documentos Excel manipulados, también conocido como "Excel Record Parsing Memory Corruption Vulnerability". • http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7475 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 85%CPEs: 2EXPL: 0

CVE-2010-3233

https://notcve.org/view.php?id=CVE-2010-3233

Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability." Microsoft Excel 2002 SP3 y 2003 SP3 no valida correctamente la información de registro, lo cual permite a los atacantes remotos ejecutar código a su elección a través de ficheros .wk3 (también conocidos como Lotus 1-2-3 workbook) manipulados, tambien conocido como "Lotus 1-2-3 Workbook Parsing Vulnerability". • http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6737 • CWE-20: Improper Input Validation •