CVE-2008-4028 – Microsoft Office RTF Drawing Object Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4028
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a los atacantes remotos ejecutar código arbitrario por medio de palabras de control creadas relacionadas con múltiples etiquetas de Objeto de Dibujo en (1) un archivo RTF o (2) un mensaje de correo electrónico de texto enriquecido, que activa la asignación de memoria incorrecta y un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Word RTF Object Parsing Vulnerability," una vulnerabilidad diferente a la CVE-2008-4030. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft products including Word and Outlook. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw exists within the parsing of RTF documents containing multiple drawing object tags. First, code within wwlib.dll allocates a buffer for the tag object. • http://www.securityfocus.com/archive/1/499063/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 http://www.zerodayinitiative.com/advisories/ZDI-08-085 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-4027 – Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-4027
Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability." Vulnerabilidad de Doble Liberación en Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; y Office 2004 para Mac permite a los atacantes remotos ejecutar código arbitrario por medio de un (1) archivo RTF o (2) un mensaje de correo electrónico de texto enriquecido con múltiples etiquetas consecutivas de Objeto de Dibujo ("\do"), que desencadena una "memory calculation error" y una corrupción de memoria, también se conoce como "Word RTF Object Parsing Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing consecutive "\do" Drawing Object tags mso.dll does not properly verify the integrity of the object and frees a memory buffer twice, leading to heap corruption. • http://www.securityfocus.com/archive/1/499062/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 http://www.zerodayinitiative.com/advisories/ZDI-08-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6098 • CWE-399: Resource Management Errors •
CVE-2008-2248
https://notcve.org/view.php?id=CVE-2008-2248
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. La vulnerabilidad de tipo Cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server 2003 SP2, permite a atacantes remotos inyectar script web o HTML por medio de HTML no especificado, una vulnerabilidad diferente a la CVE-2008-2247. • http://secunia.com/advisories/30964 http://www.securityfocus.com/bid/30078 http://www.securitytracker.com/id?1020439 http://www.us-cert.gov/cas/techalerts/TA08-190A.html http://www.vupen.com/english/advisories/2008/2021/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-039 https://exchange.xforce.ibmcloud.com/vulnerabilities/43329 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-3068
https://notcve.org/view.php?id=CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como las usadas en Outlook, Windows Live Mail, y Office 2007, realiza una lista de revocación de certificado (CRL) utilizando una URL arbitraria de un certificado incluido en (1) mensaje de correo electrónico S/MIME o (2) documento firmado, lo que permite a atacantes remotos conseguir tiempos de lectura y direcciones IP de recipientes, y resultados de escaneo de puerto, a través de un certificado manipulado con una extensión de de una Authority Information Access (AIA). • http://securityreason.com/securityalert/3978 http://www.securityfocus.com/archive/1/493947/100/0/threaded http://www.securityfocus.com/archive/1/494101/100/0/threaded http://www.securityfocus.com/bid/28548 http://www.securitytracker.com/id?1019736 http://www.securitytracker.com/id?1019737 http://www.securitytracker.com/id?1019738 https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt https://www.cynops.de/advisories/AK •