CVE-2008-1091 – Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-1091
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." Vulnerabilidad no especificada de Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar código arbitrariamente a través de un archivo de Formato de Texto Enriquecido (.rtf) con una cadena mal formada que provoca un “error de cálculo en memoria” y un desbordamiento de búfer basado en el montículo (heap), también conocido como “Vulnerabilidad de análisis sintáctico de Objeto.” This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. • http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://secunia.com/advisories/30143 http://www.kb.cert.org/vuls/id/543907 http://www.securityfocus.com/archive/1/492020/100/0/threaded http://www.securityfocus.com/bid/29104 http://www.securitytracker.com/id?1020013 http://www.us-cert.gov/cas/techalerts/TA08-134A.html http://www.vupen.com/english/advisories/2008/1504/references http://www.zerodayinitiative.com/advisories/ZDI-08-023 https://docs.microsoft.com/en-u • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-0118 – Microsoft Office 2000/2003/2004/XP - File Memory Corruption
https://notcve.org/view.php?id=CVE-2008-0118
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." Vulnerabilidad no especificada en Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 hasta SP3, y Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante documento Office manipulado que dispara una corrupción de memoria por un error de asignación (allocation error), también conocido como "Vulnerabilidad de Corrupción de Memoria en Microsoft Office (Microsoft Office Memory Corruption Vulnerability)." • https://www.exploit-db.com/exploits/31361 https://www.exploit-db.com/exploits/5320 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://secunia.com/advisories/29321 http://www.securityfocus.com/bid/28146 http://www.securitytracker.com/id?1019578 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0848/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-016 https://oval.cisecurity.org • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-1201
https://notcve.org/view.php?id=CVE-2007-1201
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability." Vulnerabilidad no especificada en determinados objetos COM de Microsoft Office Web Components 2000 permite a atacantes remotos con la complicidad del usuario ejecutar códigode su elección mediante vectores relativos a DataSource que disparan una corrupción de memoria, también conocido como "Vulnerabilidad en Office Web Components DataSource." • http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://secunia.com/advisories/29328 http://www.securityfocus.com/bid/28136 http://www.securitytracker.com/id?1019581 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0849/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5327 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-0110
https://notcve.org/view.php?id=CVE-2008-0110
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI. Vulnerabilidad no especificada de Microsoft Outlook en Office 2000 SP3, XP SP3, 2003 SP2 y Sp3, y sistemas Office permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante la modificación de un mailto URI. • http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://secunia.com/advisories/29320 http://www.kb.cert.org/vuls/id/393305 http://www.securityfocus.com/bid/28147 http://www.securitytracker.com/id?1019579 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0847/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-0117 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0117
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 y 2002 SP2, y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante valores de formateo condicional (conditional formatting values), también conocido como "Vulnerabilidad Excel de formateo condicional". • https://www.exploit-db.com/exploits/5287 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/bid/28170 http://www.securitytracker.com/id?1019587 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5508 •