CVSS: 9.3EPSS: 90%CPEs: 18EXPL: 0CVE-2008-4264
https://notcve.org/view.php?id=CVE-2008-4264
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Excel Viewer 2003 Gold y SP3; Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac que permite a los atacantes remotos ejecutar arbitrariamente código a través de hojas de Excel manipulada que pueden contener fórmular malformadas, las cuales lanzan una "corrupción de puntero" durante la carga de fórmulas desde esta hoja, alias "Vulnerabilidad de analizador de formato de archivo" • http://www.securityfocus.com/bid/32621 http://www.securitytracker.com/id?1021368 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3386 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5556 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 61%CPEs: 19EXPL: 0CVE-2008-4030
https://notcve.org/view.php?id=CVE-2008-4030
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1, permiten a atacantes remotos ejecutar código de su elección a través de palabras de control manipuladas en ficheros (1) RTF o (2) e-mail con texto enriquecido, lo que provoca una asignación incorrecta de memoria y una corrupción de memoria, también conocida como "Vulnerabilidad Word RTF Object Parsing". Vulnerabilidad diferente de CVE-2008-4028. • http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 91%CPEs: 18EXPL: 0CVE-2008-4265
https://notcve.org/view.php?id=CVE-2008-4265
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability." Microsoft Office Excel 2000 SP3 permite a atacantes remotos ejecutar código de su elección mediante una hoja de cálculo manipulada que contiene un objeto malformado, lo que dispara una corrupción de memoria durante la carga de registros desde esta hoja de cálculo, alias "Vulnerabilidad de Análisis de Formato de Fichero". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763 http://www.securitytracker.com/id?1021368 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3386 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 61%CPEs: 19EXPL: 0CVE-2008-4031
https://notcve.org/view.php?id=CVE-2008-4031
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección a través de una cadena mal formada en (1) un archivo RTF o (2) una mensaje de correo electrónico con texto enriquecido, que provoca una asignación incorrecta de memoria y una corrupción de memoria, también conocido como "Vulnerabilidad de análisis sintáctico de objeto en Word RTF." • http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5952 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 81%CPEs: 19EXPL: 0CVE-2008-4024
https://notcve.org/view.php?id=CVE-2008-4024
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability." Microsoft Office Word 2000 SP3 y 2002 SP3 y Office 2004 para Mac permiten a los atacantes remotos ejecutar código arbitrario por medio de un documento de Word con un campo lcbPlcfBkfSdt creado en el Bloque de Información de Archivos (FIB), que omite un paso de inicialización y activa un "arbitrary free," aka "Word Memory Corruption Vulnerability." • http://www.coresecurity.com/content/word-arbitrary-free http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf http://www.securityfocus.com/archive/1/499086/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-94: Improper Control of Generation of Code ('Code Injection') •