Page 55 of 297 results (0.009 seconds)

CVSS: 9.3EPSS: 73%CPEs: 14EXPL: 0

CVE-2006-3435 – Microsoft PowerPoint Malformed Slide Notes Rebuilding Vulnerability

https://notcve.org/view.php?id=CVE-2006-3435

PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694. PowerPoint en Microsoft Office 2000, XP, 2003, 2004 para Mac, y v.X para Mac no analiza adecuadamente el campo de notas de diapositiva en un documento, lo cual permite a atacantes con la intervención del usuario ejecutar código de su elección mediante datos manipulados en este campo, lo cual dispara un cálculo erróneo de puntero de objeto que utiliza datos de dentro del documento. NOTA: este problema es diferente de otras vulnerabilidades PowerPoint incluyendo CVE-2006-4694. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. • http://securitytracker.com/id?1017030 http://www.kb.cert.org/vuls/id/187028 http://www.osvdb.org/29446 http://www.securityfocus.com/archive/1/448149/100/0/threaded http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20304 http://www.vupen.com/english/advisories/2006/3977 http://www.zerodayinitiative.com/advisories/ZDI-06-032.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058 https://oval.c • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 79%CPEs: 8EXPL: 0

CVE-2006-4694

https://notcve.org/view.php?id=CVE-2006-4694

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow. Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office XP y Office 2003 permite a un atacante remoto con la intervención del usuario ejecutar código de su elección a través de un archivo PPT artesanal, según lo explotado por el malware como por ejemploExploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, y Exploit-PPT.d/Trojan.PPDropper.F. • http://secunia.com/advisories/22127 http://securitytracker.com/id?1016937 http://vil.nai.com/vil/content/v_140666.htm http://www.avertlabs.com/research/blog/?p=95 http://www.kb.cert.org/vuls/id/231204 http://www.microsoft.com/technet/security/advisory/925984.mspx http://www.osvdb.org/29259 http://www.securityfocus.com/archive/1/447831/100/0/threaded http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20226 http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 96%CPEs: 7EXPL: 1

CVE-2006-0001

https://notcve.org/view.php?id=CVE-2006-0001

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. Desbordamiento de búfer basado en montón en Microsoft Publisher 2000 hasta 2003, permite a los atacantes con la complicidad del usuario ejecutar código de su elección a través de un fichero PUB artesanal, el cual provoca un desbordamiento cuando analiza sintacticamente las fuentes. • http://secunia.com/advisories/21863 http://securityreason.com/securityalert/1548 http://securitytracker.com/id?1016825 http://www.computerterrorism.com/research/ct12-09-2006-2.htm http://www.kb.cert.org/vuls/id/406236 http://www.securityfocus.com/archive/1/445824/100/0/threaded http://www.securityfocus.com/archive/1/446630/100/100/threaded http://www.securityfocus.com/bid/19951 http://www.us-cert.gov/cas/techalerts/TA06-255A.html http://www.vupen.com/english/advisories&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 82%CPEs: 4EXPL: 0

CVE-2006-1316

https://notcve.org/view.php?id=CVE-2006-1316

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. Vulnerabilidad sin especificar en Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2000 SP3 y otros productos, permite a atacantes ayudados por el usuario ejecutar código de su elección a través de un archivo Office con una cadena mal formada que dispara una corrupción de memoria relacionada con longitudes de archivo, también conocido como "Microsoft Office Parsing Vulnerability (Vulnerabilidad de Análisis Sintáctico de Microsoft Office)", una vulnerabilidad distinta de CVE-2006-2389. • http://secunia.com/advisories/21012 http://securitytracker.com/id?1016469 http://www.kb.cert.org/vuls/id/580036 http://www.osvdb.org/27148 http://www.securityfocus.com/bid/18912 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2756 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/27607 https://oval.cisecurity.org/repository/search/definition/ov • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 96%CPEs: 4EXPL: 0

CVE-2006-0007

https://notcve.org/view.php?id=CVE-2006-0007

Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. Desbordamiento de búfer en GIFIMP32.FLT, usado por Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, y otros productos, permite ataques asistidos por usuario para ejecutar código de su elección mediante una imagen GIF especialmente modificada para provocar la corrupción de la memoria cuando es analizada sintácticamente. • http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0005.html http://secunia.com/advisories/21013 http://securitytracker.com/id?1016470 http://www.kb.cert.org/vuls/id/668564 http://www.osvdb.org/27146 http://www.securityfocus.com/archive/1/439887/100/0/threaded http://www.securityfocus.com/bid/18915 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2757 https://docs.microsoft.com/en-us/security-updates/securitybull • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •