Page 8 of 38 results (0.007 seconds)

CVSS: 9.3EPSS: 65%CPEs: 15EXPL: 0

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 y SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 Gold y SP3; Office Excel Viewer; Paquete de compatibilidad de Office 2007 Gold y SP1; Office SharePoint Server 2007 Gold y SP1; y Office 2004 y 2008 para Mac no analizan apropiadamente los valores de registro Country al cargar archivos de Excel, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de Excel creado, también se conoce como "Excel Record Parsing Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed Country (0x8c) record, user-supplied data may be used in a memory copy operation resulting in memory corruption. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31454 http://secunia.com/advisories/31455 http://www.securityfocus.com/archive/1/495428/100/0/threaded http://www.securityfocus.com/bid/30640 http://www.securitytracker.com/id?1020672 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2347 http://www.zerodayinitiative.com/advisories/ZDI-08-048 https://docs.microsoft.com/en-us/security-updates • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft Windows SharePoint Services 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo Picture Source (Fuente de Imagen) (también conocido como picture object source) en Rich Text Editor. • https://www.exploit-db.com/exploits/31632 http://www.caughq.org/advisories/CAU-2008-0002.txt http://www.securityfocus.com/archive/1/490624/100/0/threaded http://www.securityfocus.com/bid/28706 https://exchange.xforce.ibmcloud.com/vulnerabilities/41934 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 96%CPEs: 3EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. Varias vulnerabilidades de tipo cross-site scripting (XSS) en Microsoft Windows SharePoint Services versión 3.0 para Windows Server 2003 y Office SharePoint Server 2007 permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del PATH_INFO (cadena de consulta) en "every main page," como fue demostrado por default.aspx. • https://www.exploit-db.com/exploits/29951 http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html http://osvdb.org/37630 http://secunia.com/advisories/27148 http://securityreason.com/securityalert/2682 http://securitytracker.com/id?1018789 http://www.securityfocus.com/archive/1/467738/100/0/threaded http://www.securityfocus.com/archive/1/467749/100/0/threaded http://www.securityfocus.com/archive/1/482366/100/0/threaded http://www.securityfocus.com/bid/23832 http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •