CVE-2009-0095
https://notcve.org/view.php?id=CVE-2009-0095
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3 y 2007 SP1 no valida adecuadamente los datos Object de los ficheros Visio, esto permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado. También se conoce como "Vulnerabilidad de Validación de Memoria". • http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0391 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179 • CWE-399: Resource Management Errors •
CVE-2009-0096
https://notcve.org/view.php?id=CVE-2009-0096
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 no realiza correctamente la copia de memoria para los datos de objetos, lo que permite a atacantes remotos ejecutar código a su elección a través de un documento de Visio manipulado, también conocido como "Vulnerabilidad de corrupción de memoria" • http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0391 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172 • CWE-399: Resource Management Errors •
CVE-2009-0097
https://notcve.org/view.php?id=CVE-2009-0097
Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." Microsoft Office Visio v2002 SP2 and v2003 SP3 no valida de forma adecuada el posicionamiento en memoria de los ficheros Visio, lo que permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado, también conocido como "Memory Corruption Vulerability" • http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0391 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188 • CWE-399: Resource Management Errors •
CVE-2008-3014
https://notcve.org/view.php?id=CVE-2008-3014
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." Desbordamiento de búfer en gdiplus.dll en GDI+ en Microsoft Internet Explorer 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security 1.0, permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen WMF que lanza una asignación de memoria inadecuada, también conocida como "Vulnerabilidad GDI+ WMF Buffer Overrun". • http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/bid/31021 http://www.securitytracker.com/id?1020837 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com/english/advisories/2008/2696 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3013 – Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-3013
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability." La biblioteca gdiplus.dll en GDI en Microsoft Internet Explorer versión 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works versión 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security versión 1.0, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de imagen GIF malformado que contiene muchos marcadores de extensión para extensiones de control gráfico y etiquetas desconocidas posteriores, también se conoce como "GDI+ GIF Parsing Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file or browse to a malicious website. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted GIF files. By supplying a malformed graphic control extension an attacker can trigger an exploitable memory corruption condition. • https://www.exploit-db.com/exploits/6716 http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/archive/1/496154/100/0/threaded http://www.securityfocus.com/bid/31020 http://www.securitytracker.com/id?1020836 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com • CWE-399: Resource Management Errors •