CVE-2007-1756
https://notcve.org/view.php?id=CVE-2007-1756
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability". Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, y Office Excel 2007 no valida de forma adecuada la información de la versión, lo cual permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de archivos Excel manipulados, también conocido como "Vulnerabilidad de calculo error". • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://osvdb.org/35957 http://secunia.com/advisories/25995 http://www.securityfocus.com/bid/24801 http://www.securitytracker.com/id?1018352 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2478 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-036 https://exchange.xforce.ibmcloud.com/vulnerabilities/35210 https://oval.cisecurity.org/repo •
CVE-2007-1747
https://notcve.org/view.php?id=CVE-2007-1747
Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption. Vulnerabilidad no especificada en MSO.dll en Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 para Mac, y 2007 permite a atacantes con la intervención del usuario ejecutar código de su elección a través de objeto de dibujo malformado, lo cual disparar una corrupción de memoria. • http://secunia.com/advisories/25178 http://www.kb.cert.org/vuls/id/853184 http://www.osvdb.org/34396 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23826 http://www.securitytracker.com/id?1018014 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1710 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-025 https://exchange.xforce.ibmcloud.com/vulne • CWE-399: Resource Management Errors •
CVE-2007-0035
https://notcve.org/view.php?id=CVE-2007-0035
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability." Word (o Word Viewer) en Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 para Mac, y Works Suite 2004, 2005 y 2006 no manejan apropiadamente los datos en una determinada matriz, lo que permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario, también se conoce como "Word Array Overflow Vulnerability." • http://www.kb.cert.org/vuls/id/260777 http://www.osvdb.org/34387 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23804 http://www.securitytracker.com/id?1018013 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1709 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Ade • CWE-20: Improper Input Validation •
CVE-2007-0215 – Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-0215
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption. Un desbordamiento de búfer en la región stack de la memoria en Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 y 2003 Viewer permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo BIFF .XLS con un registro de gráfico con nombre inapropiado, lo que resulta en corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed Named Graph record, user-supplied data may be copied to the stack unchecked thereby leading to an exploitable stack-based buffer overflow. • http://secunia.com/advisories/25150 http://www.osvdb.org/34393 http://www.securityfocus.com/archive/1/467988/100/0/threaded http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23760 http://www.securitytracker.com/id?1018012 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1708 http://www.zerodayinitiative.com/advisories/ZDI-07-026.html https://docs.microsoft.com/en-us/securit •
CVE-2007-0208
https://notcve.org/view.php?id=CVE-2007-0208
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. Microsoft Word en Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 hasta 2006 y Office 2004 para Mac, no comprueba correctamente las propiedades de ciertos documentos y advierte al usuario del contenido de macros, lo que permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario. • http://www.osvdb.org/34385 http://www.securityfocus.com/bid/22477 http://www.securitytracker.com/id?1017639 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0583 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A700 • CWE-20: Improper Input Validation •