CVSS: 9.3EPSS: 94%CPEs: 4EXPL: 2CVE-2008-0108 – Microsoft Office 2003 - '.wps' Local Stack Overflow (MS08-011)
https://notcve.org/view.php?id=CVE-2008-0108
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability." Un desbordamiento de búfer en la región stack de la memoria en la biblioteca wkcvqd01.dll en Microsoft Works versión 6 File Converter, tal y como es usado en Office 2003 SP2 y SP3, Works versión 8.0 y Works Suite 2005, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo .wps con longitudes de campo diseñado, también se conoce como "Microsoft Works File Converter Field Length Vulnerability". • https://www.exploit-db.com/exploits/5107 https://www.exploit-db.com/exploits/31118 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660 http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28904 http://www.securityfocus.com/bid/27659 http://www.securitytracker.com/id?1019388 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0513/references https://docs.microsoft.com/en-us/sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 74%CPEs: 8EXPL: 0CVE-2007-1202
https://notcve.org/view.php?id=CVE-2007-1202
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." Word (o Word Viewer) en Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 para Mac y Works Suite 2004, 2005 y 2006 no analiza apropiadamente ciertas "property strings of certain control words”, de texto enriquecido, lo que permite que los atacantes remotos asistidos por el usuario desencadenen corrupción de pila y ejecutar código arbitrario, también se conoce como la "Word RTF Parsing Vulnerability". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525 http://www.kb.cert.org/vuls/id/555489 http://www.osvdb.org/34388 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23836 http://www.securitytracker.com/id?1018013 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1709 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024 https:/ • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 10%CPEs: 11EXPL: 0CVE-2007-0208
https://notcve.org/view.php?id=CVE-2007-0208
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. Microsoft Word en Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 hasta 2006 y Office 2004 para Mac, no comprueba correctamente las propiedades de ciertos documentos y advierte al usuario del contenido de macros, lo que permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario. • http://www.osvdb.org/34385 http://www.securityfocus.com/bid/22477 http://www.securitytracker.com/id?1017639 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0583 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A700 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 96%CPEs: 11EXPL: 2CVE-2007-0515 – Microsoft Word 2000 - Code Execution
https://notcve.org/view.php?id=CVE-2007-0515
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. Una vulnerabilidad no especificada en Microsoft Word, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario en Word 2000, y causar una denegación de servicio en Word 2003, por medio de vectores de ataque desconocidos que desencadenan una corrupción de memoria, como es explotado por Trojan.Mdropper.W y posteriores por Trojan.Mdropper.X, un problema diferente de CVE-2006-6456, CVE-2006-5994, y CVE-2006-6561. • https://www.exploit-db.com/exploits/3260 https://www.exploit-db.com/exploits/29524 http://isc.sans.org/diary.html?storyid=2133 http://osvdb.org/31900 http://secunia.com/advisories/23950 http://securitytracker.com/id?1017564 http://www.kb.cert.org/vuls/id/412225 http://www.microsoft.com/technet/security/advisory/932114.mspx http://www.securityfocus.com/bid/22225 http://www.securityfocus.com/bid/22328 http://www.symantec.com/enterprise/security_response/weblog/2007/0 •
CVSS: 9.3EPSS: 66%CPEs: 11EXPL: 0CVE-2007-0029
https://notcve.org/view.php?id=CVE-2007-0029
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability." Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 para Mac, y v.X para Mac permite a un atacante remotos con la intervención del usuario ejecutar código de su elección a través de cadenas mal formadas, tambien conocido como "Vulnerabilidad de cadenas Excel mal formadas" • http://securitytracker.com/id?1017487 http://www.osvdb.org/31256 http://www.securityfocus.com/archive/1/457274/100/0/threaded http://www.securityfocus.com/bid/21877 http://www.us-cert.gov/cas/techalerts/TA07-009A.html http://www.vupen.com/english/advisories/2007/0103 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1102 •