CVSS: 6.1EPSS: 30%CPEs: 1EXPL: 2CVE-2008-1547 – Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' Open Redirection
https://notcve.org/view.php?id=CVE-2008-1547
21 Oct 2008 — Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. Vulnerabilidad involuntaria de redirección en exchweb/bin/redir.asp en Microsoft Outlook Web Access (OWA) para Exchange Server 2003 SP2 (alias build 6.5.7638) permite a atacantes remotos, redireccionar a usuarios a sitios web de su elección y ll... • https://www.exploit-db.com/exploits/32489 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.3EPSS: 60%CPEs: 16EXPL: 0CVE-2008-4019 – Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4019
14 Oct 2008 — Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerabili... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 76%CPEs: 22EXPL: 1CVE-2007-5348 – Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
https://notcve.org/view.php?id=CVE-2007-5348
10 Sep 2008 — Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted ... • https://www.exploit-db.com/exploits/6619 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 70%CPEs: 22EXPL: 0CVE-2008-3012
https://notcve.org/view.php?id=CVE-2008-3012
10 Sep 2008 — gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute ... • http://marc.info/?l=bugtraq&m=122235754013992&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 71%CPEs: 22EXPL: 0CVE-2008-3014
https://notcve.org/view.php?id=CVE-2008-3014
10 Sep 2008 — Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed W... • http://marc.info/?l=bugtraq&m=122235754013992&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 74%CPEs: 20EXPL: 1CVE-2008-3013 – Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-3013
09 Sep 2008 — gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file conta... • https://www.exploit-db.com/exploits/6716 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 71%CPEs: 14EXPL: 2CVE-2008-3015 – Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-3015
09 Sep 2008 — Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vuln... • http://marc.info/?l=bugtraq&m=122235754013992&w=2 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 68%CPEs: 15EXPL: 0CVE-2008-3006 – Microsoft Excel COUNTRY Record Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3006
12 Aug 2008 — Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 ... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 24%CPEs: 3EXPL: 1CVE-2008-2247
https://notcve.org/view.php?id=CVE-2008-2247
08 Jul 2008 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. Una vulnerabilidad de tipo cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server versión 2003 SP2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de campos de correo electrónico no especificados, una vulnerabilidad diferent... • http://secunia.com/advisories/30964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 25%CPEs: 4EXPL: 0CVE-2008-2248
https://notcve.org/view.php?id=CVE-2008-2248
08 Jul 2008 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. La vulnerabilidad de tipo Cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server 2003 SP2, permite a atacantes remotos inyectar script web o HTML por medio de HTML no especificado, una vulnerabilidad diferente a la CVE-2008-2247. • http://secunia.com/advisories/30964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •