CVE-2008-4031
https://notcve.org/view.php?id=CVE-2008-4031
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección a través de una cadena mal formada en (1) un archivo RTF o (2) una mensaje de correo electrónico con texto enriquecido, que provoca una asignación incorrecta de memoria y una corrupción de memoria, también conocido como "Vulnerabilidad de análisis sintáctico de objeto en Word RTF." • http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5952 • CWE-399: Resource Management Errors •
CVE-2008-4024
https://notcve.org/view.php?id=CVE-2008-4024
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability." • http://www.coresecurity.com/content/word-arbitrary-free http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf http://www.securityfocus.com/archive/1/499086/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-4025
https://notcve.org/view.php?id=CVE-2008-4025
Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability." Desbordamiento de enteros en Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de Compatibilidad de Office para formatos de archivo de Word, Excel, y PowerPoint 2007; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac, permite a los atacantes remotos ejecutar código arbitrario por medio de (1) un archivo RTF o (2) un mensaje de correo electrónico de texto enriquecido que contiene un número no válido de puntos para una polilínea o polígono, lo que desencadena un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Word RTF Object Parsing Vulnerability.". • http://secunia.com/secunia_research/2008-21 http://www.securityfocus.com/archive/1/499054/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5682 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-4837 – Microsoft Office Word Document Table Property Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4837
Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." ... This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. • http://www.securityfocus.com/archive/1/499064/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 http://www.zerodayinitiative.com/advisories/ZDI-08-086 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-4028 – Microsoft Office RTF Drawing Object Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4028
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a los atacantes remotos ejecutar código arbitrario por medio de palabras de control creadas relacionadas con múltiples etiquetas de Objeto de Dibujo en (1) un archivo RTF o (2) un mensaje de correo electrónico de texto enriquecido, que activa la asignación de memoria incorrecta y un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Word RTF Object Parsing Vulnerability," una vulnerabilidad diferente a la CVE-2008-4030. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft products including Word and Outlook. • http://www.securityfocus.com/archive/1/499063/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 http://www.zerodayinitiative.com/advisories/ZDI-08-085 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •