CVSS: 7.8EPSS: 39%CPEs: 17EXPL: 0CVE-2006-2387 – Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability
https://notcve.org/view.php?id=CVE-2006-2387
10 Oct 2006 — Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875. Vulnerabilidad no especificada en Microsoft Excel 2000, 2002, 2003, 2004 para Mac, v.X para Mac, Excel Viewer 2003, y Microsoft Works Suite 2004 hasta la 2006 permite a atacantes con la compli... • http://securitytracker.com/id?1017031 •
CVSS: 9.3EPSS: 54%CPEs: 14EXPL: 0CVE-2006-3435 – Microsoft PowerPoint Malformed Slide Notes Rebuilding Vulnerability
https://notcve.org/view.php?id=CVE-2006-3435
10 Oct 2006 — PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694. PowerPoint en Microsoft Office 2000, XP, 2003, 2004 para Mac, y v.X para Mac no ana... • http://securitytracker.com/id?1017030 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 52%CPEs: 16EXPL: 0CVE-2006-3650 – Microsoft Word Malformed Chart Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-3650
10 Oct 2006 — Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868. Microsoft Office 2000, XP, 2003, 2004 para Mac, y v.X para Mac no analiza adecuadamente la longitud de un regis... • http://secunia.com/advisories/22339 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 46%CPEs: 8EXPL: 0CVE-2006-4694
https://notcve.org/view.php?id=CVE-2006-4694
27 Sep 2006 — Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow. Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office XP y Office 2003 permite a ... • http://secunia.com/advisories/22127 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 72%CPEs: 7EXPL: 1CVE-2006-0001
https://notcve.org/view.php?id=CVE-2006-0001
12 Sep 2006 — Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. Desbordamiento de búfer basado en montón en Microsoft Publisher 2000 hasta 2003, permite a los atacantes con la complicidad del usuario ejecutar código de su elección a través de un fichero PUB artesanal, el cual provoca un desbordamiento cuando analiza sintacticamente las fuentes. • http://secunia.com/advisories/21863 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 46%CPEs: 14EXPL: 0CVE-2006-4534
https://notcve.org/view.php?id=CVE-2006-4534
05 Sep 2006 — Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo. Vulnerabilidad no especificada en Microsoft Word 2000, 2002 y Office 2003 permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario a través de vectores no especificados involucrando un archiv... • http://blogs.securiteam.com/?p=586 •
CVSS: 9.3EPSS: 59%CPEs: 4EXPL: 0CVE-2006-0007
https://notcve.org/view.php?id=CVE-2006-0007
11 Jul 2006 — Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. Desbordamiento de búfer en GIFIMP32.FLT, usado por Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, y otros productos, permite ataques asistidos por usuario para ejecutar código de su elección mediante una imagen GIF especialmente ... • http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 45%CPEs: 4EXPL: 0CVE-2006-0033
https://notcve.org/view.php?id=CVE-2006-0033
11 Jul 2006 — Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed. Vulnerabilidad no especificada en Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2000 SP3 y otros productos, permite a atacantes con la ayuda del usuario ejecutar código de su elección a través de una imagen PNG manipulada que induce una corrupción de memo... • http://secunia.com/advisories/21013 •
CVSS: 9.3EPSS: 74%CPEs: 4EXPL: 1CVE-2006-2389 – Microsoft Office 2000/2002 - Property Code Execution
https://notcve.org/view.php?id=CVE-2006-2389
11 Jul 2006 — Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316. Vulnerabilidad no especificada en Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2000 SP3 y otros productos, permite a atacantes ayuda... • https://www.exploit-db.com/exploits/28198 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 46%CPEs: 4EXPL: 0CVE-2006-1316
https://notcve.org/view.php?id=CVE-2006-1316
11 Jul 2006 — Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. Vulnerabilidad sin especificar en Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2000 SP3 y otros productos, permite a atacantes ayudados p... • http://secunia.com/advisories/21012 • CWE-94: Improper Control of Generation of Code ('Code Injection') •