CVE-2010-3236
https://notcve.org/view.php?id=CVE-2010-3236
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability." Microsoft Excel 2002 SP3 y 2003 SP3, Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac no valida adecuadamente información de registro, que permite a atacantes remotos ejecutar código de su elección a través de documentos Excel manipulados, también conocido como "Out Of Bounds Array Vulnerability". • http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7209 • CWE-20: Improper Input Validation •
CVE-2010-3232
https://notcve.org/view.php?id=CVE-2010-3232
Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability." Microsoft Excel 2003 SP3 y 2007 SP2; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2 no valida adecuadamente la información de registro, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento excel manipulado, también conocido como "Vulnerabilidad Excel File Format Parsing" • http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575 • CWE-20: Improper Input Validation •
CVE-2010-3242
https://notcve.org/view.php?id=CVE-2010-3242
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability." Microsoft Excel 2002 SP3, Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac no valida adecuadamente la información de registro, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento Excel manipulado, también conocido como "Vulnerabilidad Ghost Record Type Parsing" • http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6902 • CWE-20: Improper Input Validation •
CVE-2010-2738 – Microsoft Unicode Scripts Processor - Remote Code Execution (MS10-063)
https://notcve.org/view.php?id=CVE-2010-2738
The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." La implementación Uniscribe (conocido como nuevo Unicode Script Processor) en USP10.DLL de Microsoft Windows XP SP2 y SP3, Server 2003 SP2, Vista SP1 y SP2, y Server 2008 Gold y SP2, y Microsoft Office XP SP3, 2003 SP3, y 2007 SP2, no valida adecuadamente tablas asociadas con fuentes OpenType malformadas, lo cual permite a atacantes remotos ejecutar código a su elección a través de (1) un sitio web o (2) un documento Office manipulados, también conocido como "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." • https://www.exploit-db.com/exploits/15158 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7214 • CWE-20: Improper Input Validation •
CVE-2010-1901
https://notcve.org/view.php?id=CVE-2010-1901
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability." Microsoft Office Word 2002 SP3, 2003 SP3, y 2007 SP2; Microsoft Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Office Word Viewer; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2, no manejan adecuadamente propiedades sin especificar datos de texto enriquecido, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de un documento RTF manipulado. También conocido como "Word RTF Parsing Engine Memory Corruption Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612 • CWE-94: Improper Control of Generation of Code ('Code Injection') •