CVSS: 9.3EPSS: 55%CPEs: 16EXPL: 0CVE-2009-0558
https://notcve.org/view.php?id=CVE-2009-0558
10 Jun 2009 — Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability." Error de índice de matriz en Excel en Office 2000 SP3 y Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un ... • http://osvdb.org/54954 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 60%CPEs: 16EXPL: 0CVE-2009-0559
https://notcve.org/view.php?id=CVE-2009-0559
10 Jun 2009 — Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability." Desbordamiento de búfer basado en pila en Excel en Microsoft Office 2000 SP3 y Office XP SP3, permite a atacantes remotos ejecutar código de su elección a través de un archivo Excel con un objeto de registro mal formado, también conocido como "Vulnerabilidad String Co... • http://www.securityfocus.com/bid/35243 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 66%CPEs: 16EXPL: 0CVE-2009-0560
https://notcve.org/view.php?id=CVE-2009-0560
10 Jun 2009 — Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruptio... • http://osvdb.org/54956 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 66%CPEs: 16EXPL: 0CVE-2009-0561
https://notcve.org/view.php?id=CVE-2009-0561
10 Jun 2009 — Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 62%CPEs: 16EXPL: 0CVE-2009-1134 – Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1134
10 Jun 2009 — Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability." Excel en 2007 Office System SP1 y SP2 de Microsoft; Office Excel Viewer de Microsoft; y Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007... • http://osvdb.org/54958 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 66%CPEs: 12EXPL: 0CVE-2009-0088
https://notcve.org/view.php?id=CVE-2009-0088
15 Apr 2009 — The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." El conversor WordPerfect 6.x en Microsoft Office Word 2000 SP3 y Microsoft Office Co... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 60%CPEs: 3EXPL: 0CVE-2009-0098
https://notcve.org/view.php?id=CVE-2009-0098
10 Feb 2009 — Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2 y Exchange Server 2007 SP1; no interpreta adecuadamente las propiedades de Transport Neutral Encapsulation (TNEF), esto permite a atacantes remotos ejecutar cód... • http://osvdb.org/51837 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 71%CPEs: 3EXPL: 0CVE-2009-0099
https://notcve.org/view.php?id=CVE-2009-0099
10 Feb 2009 — The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." El proveedor Electronic Messaging System Microsoft Data Base (EMSMDB32) en Microsoft Exchange 2000 Server SP3 y Exchange Server 2003 SP2, utilizado como Exchange System Attendant, permite a ... • http://osvdb.org/51838 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 58%CPEs: 41EXPL: 1CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
12 Nov 2008 — Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expre... • https://www.exploit-db.com/exploits/7196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 75%CPEs: 17EXPL: 6CVE-2008-4037 – Microsoft Windows - SMB Relay Code Execution (MS08-068)
https://notcve.org/view.php?id=CVE-2008-4037
12 Nov 2008 — Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. Se presenta una vulnerabilidad en Microsoft Windows 2000 Gold hasta SP4, ... • https://www.exploit-db.com/exploits/16360 • CWE-287: Improper Authentication •