CVSS: 9.3EPSS: 62%CPEs: 10EXPL: 0CVE-2008-1090
https://notcve.org/view.php?id=CVE-2008-1090
08 Apr 2008 — Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability." Vulnerabilidad sin especificar en Microsoft Visio 2002 SP2, 2003 SP2 y SP3, y 2007 hasta SP1, que permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un un archivo .DXF manipulado. También conocida como "Vulnerabilidad de Validación de Memori... • http://marc.info/?l=bugtraq&m=120845064910729&w=2 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 60%CPEs: 1EXPL: 0CVE-2007-0934
https://notcve.org/view.php?id=CVE-2007-0934
12 Jun 2007 — Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption. Vulnerabilidad no especificada en Microsoft Visio 202 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante un archivo de Visio (.VSD, .VSS, .VST) con un número de versión manipulado que dispara una corrupción de memoria. • http://osvdb.org/35342 •
CVSS: 9.3EPSS: 60%CPEs: 2EXPL: 0CVE-2007-0936
https://notcve.org/view.php?id=CVE-2007-0936
12 Jun 2007 — Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability." Múltiples vulnerabilidades no especificadas en Microsoft Visio 2002 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante un archivo Visio (.VSD, .VSS, .VST) con un objeto empaquetado manipulado que ... • http://osvdb.org/35343 •
CVSS: 9.3EPSS: 62%CPEs: 36EXPL: 0CVE-2007-0671
https://notcve.org/view.php?id=CVE-2007-0671
03 Feb 2007 — Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de vectores de ataque descon... • http://osvdb.org/31901 •
CVSS: 9.3EPSS: 39%CPEs: 5EXPL: 0CVE-2006-5574
https://notcve.org/view.php?id=CVE-2006-5574
31 Dec 2006 — Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed. Vulnerabilidad no especificada en Brazilian Portuguese Grammar Checker en Microsoft Office 2003 y el Multilingual Interface para Office 2003, Project 2003, y Visio 2003 permite a un atacante remoto con la intervención de un usuari... • http://secunia.com/advisories/23671 •
CVSS: 9.3EPSS: 45%CPEs: 9EXPL: 0CVE-2006-3864
https://notcve.org/view.php?id=CVE-2006-3864
10 Oct 2006 — Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868. Vulnerabilidad no especificada en el mso.dll de Microsoft Office 2000, ... • http://secunia.com/advisories/22339 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 36%CPEs: 35EXPL: 0CVE-2006-3877
https://notcve.org/view.php?id=CVE-2006-3877
10 Oct 2006 — Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervención del usuario ejecutar có... • http://securitytracker.com/id?1017030 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 42%CPEs: 41EXPL: 3CVE-2005-2127 – Microsoft Visual Studio .NET - 'msdds.dll' Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-2127
19 Aug 2005 — Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrat... • https://www.exploit-db.com/exploits/26167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 37%CPEs: 22EXPL: 0CVE-2004-0848
https://notcve.org/view.php?id=CVE-2004-0848
08 Feb 2005 — Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. • http://www.kb.cert.org/vuls/id/416001 •
CVSS: 9.3EPSS: 75%CPEs: 43EXPL: 6CVE-2004-0200 – Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)
https://notcve.org/view.php?id=CVE-2004-0200
17 Sep 2004 — Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. Desbordamiento de búfer en el motor de proceso de JPEG (JPG) en GDIPlus.dll, usado en varios productos de Microsoft, permite a atacantes remotos ejecutar código de su elección mediante un campo de longitud ... • https://www.exploit-db.com/exploits/474 •