CVE-2009-1129
https://notcve.org/view.php?id=CVE-2009-1129
Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128. Múltiples desbordamientos de búfer en la región stack de la memoria en el importador de PowerPoint 95 (biblioteca PP7X32. DLL) en Office PowerPoint 2000 SP3, 2002 SP3 y 2003 SP3 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de una longitud de registro inconsistente en datos de sonido en un archivo que utiliza un formato de archivo nativo de PowerPoint 95 (PPT95), también se conoce como "PP7 Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2009-1128. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=791 http://osvdb.org/54387 http://secunia.com/advisories/32428 http://www.securityfocus.com/bid/34839 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6176 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1130 – Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1130
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability." Un desbordamiento de búfer en la región heap de la memoria en Office PowerPoint 2002 SP3 y 2003 SP3, y PowerPoint en Office 2004 para Mac, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de una estructura diseñada en un contenedor de Notes en un archivo de PowerPoint que causa que PowerPoint lea más datos de los que se asignaron al crear un objeto C++, conllevando a una sobrescritura de un puntero de función, también se conoce como "Heap Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office's PowerPoint. User interaction is required to exploit this vulnerability in that the target must open up a malicious file. The vulnerability exists within the parsing of certain structures inside a Notes container. During population of a C++ object when reading the Notes container, Powerpoint incorrectly reads more data than was allocated for overwriting a function pointer for the object which is later used in a call from mso.dll. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794 http://secunia.com/advisories/32428 http://www.securityfocus.com/archive/1/503454 http://www.securityfocus.com/bid/34840 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 http://www.zerodayinitiative.com/advisories/ZDI-09-020 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-0556 – Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0556
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability." Vulnerabilidad inespecífica en Microsoft Office PowerPoint 2000 SP3, 2002 SP3, y 2003 SP3, y PowerPoint en Microsoft Office 2004 para Mac, permite a atacantes remotos ejecutar código arbitrario a través de un fichero PowerPoint que inicia un acceso a un "objeto no valido en memoria", Esta siendo explotado desde Abril 2009 mediante un exploit; Win32/Apptom.gen This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. Exploitation requires that the attacker coerce the target into opening a malicious .PPT file. The specific flaw exists in the parsing of the OutlineTextRefAtom (3998). By specifying an invalid "index" value during parsing memory corruption occurs. Proper exploitation can lead to remote code execution under the credentials of the currently logged in user. • http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx http://osvdb.org/53182 http://secunia.com/advisories/34572 http://www.kb.cert.org/vuls/id/627331 http://www.microsoft.com/technet/security/advisory/969136.mspx http://www.securityfocus.com/archive/1/5 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-3012
https://notcve.org/view.php?id=CVE-2008-3012
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability." gdiplus.dll en GDI+ de Microsoft Internet Explorer 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008 y Forefront Client Security 1.0 no realiza correctamente la asignación de memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante un archivo de imagen EMF mal formado, también conocido como "GDI+ EMF Memory Corruption Vulnerability (Vulnerabilidad de Corrupción de Memoria GDI+EMF)". • http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/bid/31019 http://www.securitytracker.com/id?1020835 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com/english/advisories/2008/2696 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3014
https://notcve.org/view.php?id=CVE-2008-3014
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." Desbordamiento de búfer en gdiplus.dll en GDI+ en Microsoft Internet Explorer 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security 1.0, permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen WMF que lanza una asignación de memoria inadecuada, también conocida como "Vulnerabilidad GDI+ WMF Buffer Overrun". • http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/bid/31021 http://www.securitytracker.com/id?1020837 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com/english/advisories/2008/2696 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •