Page 43 of 269 results (0.020 seconds)

CVSS: 7.6EPSS: 78%CPEs: 10EXPL: 0

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption. Un desbordamiento de búfer en la región stack de la memoria en Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 y 2003 Viewer permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo BIFF .XLS con un registro de gráfico con nombre inapropiado, lo que resulta en corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed Named Graph record, user-supplied data may be copied to the stack unchecked thereby leading to an exploitable stack-based buffer overflow. • http://secunia.com/advisories/25150 http://www.osvdb.org/34393 http://www.securityfocus.com/archive/1/467988/100/0/threaded http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23760 http://www.securitytracker.com/id?1018012 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1708 http://www.zerodayinitiative.com/advisories/ZDI-07-026.html https://docs.microsoft.com/en-us/securit •

CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 0

Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file. Microsoft Office 2003 permite a atacantes con la intervención del usuario provocar denegación de servicio (caida de aplicación) procurando insertar un archvio WMF corrupto. • http://osvdb.org/34489 http://securityvulns.com/Qdocument120.html http://www.securityfocus.com/archive/1/461373/100/0/threaded • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 10%CPEs: 11EXPL: 0

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. Microsoft Word en Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 hasta 2006 y Office 2004 para Mac, no comprueba correctamente las propiedades de ciertos documentos y advierte al usuario del contenido de macros, lo que permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario. • http://www.osvdb.org/34385 http://www.securityfocus.com/bid/22477 http://www.securitytracker.com/id?1017639 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0583 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A700 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 14%CPEs: 7EXPL: 0

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. Microsoft Word en Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 hasta 2006 y Office 2004 para Mac, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo Word con un objeto de dibujo malformado, lo que conlleva a una corrupción de memoria. • http://osvdb.org/34386 http://www.securityfocus.com/bid/22482 http://www.securitytracker.com/id?1017639 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0583 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A187 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 89%CPEs: 10EXPL: 0

The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. El componente RichEdit en Microsoft Windows 2000 SP4, XP SP2, y 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, y Office 2004 para Mac; y Learning Essentials para Microsoft Office 1.0, 1.1, y 1.5 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un objeto OLE mal formado en un fichero RTF, lo cual provoca una corrupción de memoria. • http://secunia.com/advisories/24152 http://www.kb.cert.org/vuls/id/368132 http://www.osvdb.org/31886 http://www.securityfocus.com/bid/21876 http://www.securitytracker.com/id?1017640 http://www.securitytracker.com/id?1017641 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0582 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/30592 https:/ •