CVSS: 9.3EPSS: 56%CPEs: 61EXPL: 0CVE-2009-2528
https://notcve.org/view.php?id=CVE-2009-2528
14 Oct 2009 — GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability." GDI+ en Microsoft Office XP SP3 no maneja adecuadamente los objetos mal formados en Office Art Property Tables, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento de Office manipulado que provoca una corrupci... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 54%CPEs: 61EXPL: 0CVE-2009-2503 – Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-2503
13 Oct 2009 — GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 76%CPEs: 12EXPL: 2CVE-2009-0565 – Microsoft Word - Record Parsing Buffer Overflow (MS09-027)
https://notcve.org/view.php?id=CVE-2009-0565
10 Jun 2009 — Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability." Desbordamiento de búfer en Microsoft Office Word 2000 SP3, 2002 SP3, y 2007 SP... • https://www.exploit-db.com/exploits/14693 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 57%CPEs: 17EXPL: 0CVE-2009-0224
https://notcve.org/view.php?id=CVE-2009-0224
12 May 2009 — Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include Cha... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=793 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 64%CPEs: 13EXPL: 0CVE-2009-0087
https://notcve.org/view.php?id=CVE-2009-0087
15 Apr 2009 — Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability." Vulnerabilidad no especificada en el conversor de texto Word 6 en WordPad en Microsoft Windows 2000 SP4, XP SP2 y... • http://osvdb.org/53662 •
CVSS: 9.3EPSS: 66%CPEs: 12EXPL: 0CVE-2009-0088
https://notcve.org/view.php?id=CVE-2009-0088
15 Apr 2009 — The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." El conversor WordPerfect 6.x en Microsoft Office Word 2000 SP3 y Microsoft Office Co... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 63%CPEs: 9EXPL: 0CVE-2009-0100
https://notcve.org/view.php?id=CVE-2009-0100
15 Apr 2009 — Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation e... • http://osvdb.org/53665 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 59%CPEs: 19EXPL: 0CVE-2008-4024
https://notcve.org/view.php?id=CVE-2008-4024
10 Dec 2008 — Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability." Microsoft Office Word 2000 SP3 y 2002 SP3 y Office 2004 para Mac permiten a los atacantes remotos ejecutar código arbitrario por medio de un documento de Word con un campo lcbPlcfBkfSdt c... • http://www.coresecurity.com/content/word-arbitrary-free • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 71%CPEs: 19EXPL: 0CVE-2008-4025
https://notcve.org/view.php?id=CVE-2008-4025
10 Dec 2008 — Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based... • http://secunia.com/secunia_research/2008-21 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 64%CPEs: 19EXPL: 0CVE-2008-4026
https://notcve.org/view.php?id=CVE-2008-4026
10 Dec 2008 — Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2... • http://www.securitytracker.com/id?1021370 • CWE-399: Resource Management Errors •