CVE-2008-1091 – Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-1091
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." Vulnerabilidad no especificada de Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar código arbitrariamente a través de un archivo de Formato de Texto Enriquecido (.rtf) con una cadena mal formada que provoca un “error de cálculo en memoria” y un desbordamiento de búfer basado en el montículo (heap), también conocido como “Vulnerabilidad de análisis sintáctico de Objeto.” This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. • http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://secunia.com/advisories/30143 http://www.kb.cert.org/vuls/id/543907 http://www.securityfocus.com/archive/1/492020/100/0/threaded http://www.securityfocus.com/bid/29104 http://www.securitytracker.com/id?1020013 http://www.us-cert.gov/cas/techalerts/TA08-134A.html http://www.vupen.com/english/advisories/2008/1504/references http://www.zerodayinitiative.com/advisories/ZDI-08-023 https://docs.microsoft.com/en-u • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-1089
https://notcve.org/view.php?id=CVE-2008-1089
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability." Vulnerabilidad sin especificar en Microsoft Visio 2002 SP2, 2003 SP2 y SP3, y 2007 SP1, permite a atacantes asistidos por el usuario ejecutar código de su elección a través de un archivo Visio que contiene datos del objeto de cabecera manipulados, también conocida como "Vulnerabilidad de Objeto de Cabecera de Visio". • http://marc.info/?l=bugtraq&m=120845064910729&w=2 http://secunia.com/advisories/29691 http://www.securityfocus.com/bid/28555 http://www.securitytracker.com/id?1019804 http://www.us-cert.gov/cas/techalerts/TA08-099A.html http://www.vupen.com/english/advisories/2008/1143/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019 https://exchange.xforce.ibmcloud.com/vulnerabilities/41451 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg. • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-1090
https://notcve.org/view.php?id=CVE-2008-1090
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability." Vulnerabilidad sin especificar en Microsoft Visio 2002 SP2, 2003 SP2 y SP3, y 2007 hasta SP1, que permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un un archivo .DXF manipulado. También conocida como "Vulnerabilidad de Validación de Memoria en Visio". • http://marc.info/?l=bugtraq&m=120845064910729&w=2 http://secunia.com/advisories/29691 http://www.securityfocus.com/bid/28556 http://www.securitytracker.com/id?1019804 http://www.us-cert.gov/cas/techalerts/TA08-099A.html http://www.vupen.com/english/advisories/2008/1143/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019 https://exchange.xforce.ibmcloud.com/vulnerabilities/41452 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg. • CWE-399: Resource Management Errors •
CVE-2008-0118 – Microsoft Office 2000/2003/2004/XP - File Memory Corruption
https://notcve.org/view.php?id=CVE-2008-0118
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." Vulnerabilidad no especificada en Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 hasta SP3, y Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante documento Office manipulado que dispara una corrupción de memoria por un error de asignación (allocation error), también conocido como "Vulnerabilidad de Corrupción de Memoria en Microsoft Office (Microsoft Office Memory Corruption Vulnerability)." • https://www.exploit-db.com/exploits/31361 https://www.exploit-db.com/exploits/5320 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://secunia.com/advisories/29321 http://www.securityfocus.com/bid/28146 http://www.securitytracker.com/id?1019578 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0848/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-016 https://oval.cisecurity.org • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-1201
https://notcve.org/view.php?id=CVE-2007-1201
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability." Vulnerabilidad no especificada en determinados objetos COM de Microsoft Office Web Components 2000 permite a atacantes remotos con la complicidad del usuario ejecutar códigode su elección mediante vectores relativos a DataSource que disparan una corrupción de memoria, también conocido como "Vulnerabilidad en Office Web Components DataSource." • http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://secunia.com/advisories/29328 http://www.securityfocus.com/bid/28136 http://www.securitytracker.com/id?1019581 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0849/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5327 • CWE-94: Improper Control of Generation of Code ('Code Injection') •