CVE-2011-0105 – Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0105
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability." Microsoft Excel 2002 Service Pack 3, Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac obtiene un valor de cierta longitud de una posición de memoria sin inicializar, lo que permite a atacantes remotos provocar un desbordamiento de búfer y ejecutar código arbitrario mediante un archivo de Excel manipulado, también conocida como " vulnerabilidad inicialización de datos en Excel." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's parsing of a particular record within a Microsoft Excel Compound Document. When specifying a particular value, the application will fail to initialize a variable that is used as the length of a memcpy operation. • https://www.exploit-db.com/exploits/18087 http://secunia.com/advisories/39122 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12618 - • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0655 – Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0655
Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Floating Point Techno-color Time Bandit RCE Vulnerability." Microsoft PowerPoint 2007 SP2 y 2010; Office 2004, 2008, y 2011 for Mac; Open XML File Format Converter para Mac; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; y PowerPoint Web App no valida adecuadamente los registros imeColorBehaviorContainer Floating Point en documentos PowerPoint, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de un documento manipulado que contiene un registro incorrecto. También conocida como "Floating Point Techno-color Time Bandit RCE Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a record associated with animation. • http://www.securitytracker.com/id?1025340 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0941 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624 • CWE-20: Improper Input Validation •
CVE-2011-0656 – Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0656
Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka "Persist Directory RCE Vulnerability." PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004, 2008, y 2011 para Mac; Open XML File Format Converter para Mac; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; y PowerPoint Web App, de Microsoft, no comprueba apropiadamente los registros de PersistDirectoryEntry en documentos de PowerPoint, lo que permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de una Diapositiva con un registro malformado, lo que desencadena una excepción y luego el uso de un método no especificado, también se conoce como "Persist Directory RCE Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles an exception within the PersistDirectoryEntry records when loading a presentation. When an entry points to a container containing a Slide with a malformed record, the application will raise an exception during the loading of the record. • http://osvdb.org/71770 http://www.securityfocus.com/archive/1/517482/100/0/threaded http://www.securityfocus.com/bid/47251 http://www.securitytracker.com/id?1025340 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0941 http://www.zerodayinitiative.com/advisories/ZDI-11-125 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-20: Improper Input Validation •
CVE-2011-0980 – Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0980
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability." Microsoft Office Excel 2003 no parsea correctamente objetos Office Art, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con un puntero a función. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw occurs when parsing a document with a malformed Excel document. When parsing an office art object, the application will add the malformed object to a linked list. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft http://secunia.com/advisories/39122 http://secunia.com/advisories/43210 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 http://zerodayinitiative.com/advisories/ZDI-11-040 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg. • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0979 – Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0979
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability." Excel 2002 SP3, 2003 SP3, 2007 SP2 y 2010; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; y Excel Viewer SP2 de Microsoft, no maneja apropiadamente los errores durante el análisis de registros Art de Office en hojas de cálculo de Excel, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de un registro de objeto malformado, relacionado con una "stray reference", también se conoce como "Excel Linked List Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the application parses an Office Art record within a Microsoft Excel Document. Specifically, when parsing an office art object record, if an error occurs, the application will add a stray reference to an element which is part of a linked list. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft http://osvdb.org/70904 http://secunia.com/advisories/39122 http://secunia.com/advisories/43231 http://www.securitytracker.com/id?1025337 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0940 http://zerodayinitiative.com/advisories/ZDI-11-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 https://oval.cisecurity.org/repository • CWE-20: Improper Input Validation •