CVSS: 9.3EPSS: 56%CPEs: 61EXPL: 0CVE-2009-2528
https://notcve.org/view.php?id=CVE-2009-2528
14 Oct 2009 — GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability." GDI+ en Microsoft Office XP SP3 no maneja adecuadamente los objetos mal formados en Office Art Property Tables, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento de Office manipulado que provoca una corrupci... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 54%CPEs: 61EXPL: 0CVE-2009-2503 – Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-2503
13 Oct 2009 — GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 75%CPEs: 13EXPL: 1CVE-2009-1534 – Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043)
https://notcve.org/view.php?id=CVE-2009-1534
12 Aug 2009 — Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability." Desbordamiento de búfer en Office Web Components ActiveX Control en Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server ... • https://www.exploit-db.com/exploits/16542 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 66%CPEs: 17EXPL: 0CVE-2009-1133 – Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1133
11 Aug 2009 — Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica en la conexión remota de escritorio de Microsoft (anteriormente Terminal Services Client) cuando corre RDP desde v5.0 hasta v6.1 e... • http://secunia.com/advisories/36229 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 61%CPEs: 13EXPL: 0CVE-2009-2496 – Microsoft Office OWC10.Spreadsheet ActiveX BorderAround() Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-2496
11 Aug 2009 — Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerabili... • http://www.securitytracker.com/id?1022708 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 65%CPEs: 11EXPL: 0CVE-2009-0562 – Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0562
11 Aug 2009 — The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components... • http://www.securitytracker.com/id?1022708 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 27%CPEs: 16EXPL: 0CVE-2009-2493
https://notcve.org/view.php?id=CVE-2009-2493
29 Jul 2009 — The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to... • http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 86%CPEs: 11EXPL: 4CVE-2009-1136 – Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1136
15 Jul 2009 — The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourc... • https://www.exploit-db.com/exploits/9163 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 59%CPEs: 16EXPL: 0CVE-2009-0549
https://notcve.org/view.php?id=CVE-2009-0549
10 Jun 2009 — Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability." Excel en Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, y Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; y Microsoft Office Excel Viewer 20... • http://osvdb.org/54952 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 86%CPEs: 11EXPL: 0CVE-2009-0557 – Microsoft Office Object Record Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0557
10 Jun 2009 — Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerabil... • http://osvdb.org/54953 • CWE-94: Improper Control of Generation of Code ('Code Injection') •