CVSS: 7.5EPSS: 4%CPEs: 23EXPL: 0CVE-2008-3068
https://notcve.org/view.php?id=CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como las usadas en Outlook, Windows Live Mail, y Office 2007, realiza una lista de revocación de certificado (CRL) utilizando una URL arbitraria de un certificado incluido en (1) mensaje de correo electrónico S/MIME o (2) documento firmado, lo que permite a atacantes remotos conseguir tiempos de lectura y direcciones IP de recipientes, y resultados de escaneo de puerto, a través de un certificado manipulado con una extensión de de una Authority Information Access (AIA). • http://securityreason.com/securityalert/3978 http://www.securityfocus.com/archive/1/493947/100/0/threaded http://www.securityfocus.com/archive/1/494101/100/0/threaded http://www.securityfocus.com/bid/28548 http://www.securitytracker.com/id?1019736 http://www.securitytracker.com/id?1019737 http://www.securitytracker.com/id?1019738 https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt https://www.cynops.de/advisories/AK •
CVSS: 9.3EPSS: 62%CPEs: 6EXPL: 0CVE-2008-0119
https://notcve.org/view.php?id=CVE-2008-0119
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability." Vulnerabilidad sin especificar en Microsoft publisher en Office XP SP3, 2003 SP2 y SP3 y 2007 SP1 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de un fichero publisher con datos en el objeto de cabecera manipulados lo que provoca una corrupción de memoria, también conocido como "Vulnerabilidad en la validación del manejo del objeto"· • http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://secunia.com/advisories/30150 http://www.securityfocus.com/archive/1/492073/100/0/threaded http://www.securityfocus.com/bid/29158 http://www.securitytracker.com/id?1020015 http://www.us-cert.gov/cas/techalerts/TA08-134A.html http://www.vupen.com/english/advisories/2008/1505/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-027 https://oval.cisecurity.org/repository/search/definition/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 75%CPEs: 12EXPL: 0CVE-2008-1434
https://notcve.org/view.php?id=CVE-2008-1434
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption. Una vulnerabilidad de uso de la memoria previamente liberada en Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un documento HTML con un gran número de Cascading Style Sheets (CSS), relacionado con un "memory handling error" que desencadena una corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700 http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://secunia.com/advisories/30143 http://www.securityfocus.com/bid/29105 http://www.securitytracker.com/id?1020014 http://www.us-cert.gov/cas/techalerts/TA08-134A.html http://www.vupen.com/english/advisories/2008/1504/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026 https://oval.cisecurity.org/repository/search/definit • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 69%CPEs: 12EXPL: 0CVE-2008-1091 – Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-1091
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." Vulnerabilidad no especificada de Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar código arbitrariamente a través de un archivo de Formato de Texto Enriquecido (.rtf) con una cadena mal formada que provoca un “error de cálculo en memoria” y un desbordamiento de búfer basado en el montículo (heap), también conocido como “Vulnerabilidad de análisis sintáctico de Objeto.” This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. • http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://secunia.com/advisories/30143 http://www.kb.cert.org/vuls/id/543907 http://www.securityfocus.com/archive/1/492020/100/0/threaded http://www.securityfocus.com/bid/29104 http://www.securitytracker.com/id?1020013 http://www.us-cert.gov/cas/techalerts/TA08-134A.html http://www.vupen.com/english/advisories/2008/1504/references http://www.zerodayinitiative.com/advisories/ZDI-08-023 https://docs.microsoft.com/en-u • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 96%CPEs: 3EXPL: 5CVE-2008-1898 – Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2008-1898
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. Un cierto control ActiveX en la biblioteca WkImgSrv.dll versión 7.03.0616.0, tal como se distribuye en Microsoft Works 7 y Microsoft Office 2003 y 2007, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo del navegador) por medio de un valor de propiedad WksPictureInterface no válido, que desencadena una llamada de función inapropiada. The Microsoft Works ActiveX control (WkImgSrv.dll) could allow a remote attacker to execute arbitrary code on a system. By passing a negative integer to the WksPictureInterface method, an attacker could execute arbitrary code on the system with privileges of the victim. Change 168430090 /0X0A0A0A0A to 202116108 / 0x0C0C0C0C FOR IE6. • https://www.exploit-db.com/exploits/5460 https://www.exploit-db.com/exploits/5530 https://www.exploit-db.com/exploits/16649 http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0029.html http://blogs.technet.com/swi/archive/2008/06/05/why-there-wont-be-a-security-update-for-wkimgsrv-dll.aspx http://www.securityfocus.com/archive/1/491027/100/0/threaded http://www.securityfocus.com/bid/28820 https://exchange.xforce.ibmcloud.com/vulnerabilities/41876 • CWE-20: Improper Input Validation •