CVSS: 9.3EPSS: 53%CPEs: 5EXPL: 0CVE-2008-0109
https://notcve.org/view.php?id=CVE-2008-0109
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. Word en Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2 y Office Word Viewer 2003, permite a los atacantes remotos ejecutar código arbitrario por medio de campos especialmente diseñados dentro del File Information Block (FIB) de un archivo de Word, lo que desencadena errores de cálculo de longitud y corrupción de memoria. • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28901 http://www.kb.cert.org/vuls/id/692417 http://www.securityfocus.com/archive/1/488071/100/0/threaded http://www.securityfocus.com/bid/27656 http://www.securitytracker.com/id?1019374 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0511/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009 https:/ • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 74%CPEs: 4EXPL: 0CVE-2008-0104
https://notcve.org/view.php?id=CVE-2008-0104
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." Vulnerabilidad sin especificar en Microsoft Office Publisher 2000, 2002 y 2003 SP2. Permite a atacantes remotos ejecutar código de su elección a través de un archivo .pub manipulado, también conocido como "Publisher Memory Corruption Vulnerability." • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28906 http://www.securityfocus.com/bid/27740 http://www.securitytracker.com/id?1019377 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0514/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4547 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 75%CPEs: 2EXPL: 0CVE-2007-6329
https://notcve.org/view.php?id=CVE-2007-6329
Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container. Microsoft Office 2007 12.0.6015.5000 y MSO 12.0.6017.5000 no firma la meta-información de documentos Office Open XML (OOXML), lo cual hace más fácil para atacantes remotos modificar campos de meta-datos Dublin Core, como ha sido demostrado por los campos (1) LastModifiedBy y (2) creator en docProps/core.xml en el contenedor OOXML ZIP. • http://osvdb.org/44938 http://securityreason.com/securityalert/3443 http://www.securityfocus.com/archive/1/484919/100/0/threaded http://www.securityfocus.com/bid/26833 https://exchange.xforce.ibmcloud.com/vulnerabilities/39021 • CWE-255: Credentials Management Errors •
CVSS: 9.3EPSS: 81%CPEs: 5EXPL: 0CVE-2007-3899
https://notcve.org/view.php?id=CVE-2007-3899
Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability." Vulnerabilidad no especificada en Microsoft Word 2000 SP3, Word 2002 SP3, Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante cadenas mal formadas en un fichero Word, también conocido como "Vulnerabilidad de Corrupción de Memoria en Word". • http://secunia.com/advisories/27151 http://securitytracker.com/id?1018790 http://www.securityfocus.com/archive/1/482366/100/0/threaded http://www.securityfocus.com/bid/25906 http://www.us-cert.gov/cas/techalerts/TA07-282A.html http://www.vupen.com/english/advisories/2007/3440 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1879 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 37%CPEs: 8EXPL: 0CVE-2007-3890
https://notcve.org/view.php?id=CVE-2007-3890
Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. Microsoft Excel en Office 2000 SP3, Office XP SP3, Office 2003 SP2, y Office 2004 para Mac permite a atacantes remotos ejecutar código de su elección mediante un Espacio de Trabajo (Workspace) con un determinado valor de índice que dispara una corrupción de memoria. • http://secunia.com/advisories/26145 http://www.securityfocus.com/bid/25280 http://www.securitytracker.com/id?1018561 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2868 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2149 •