CVE-2008-0116 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0116
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." Microsoft Excel 2000 SP3 hasta 2003 SP2, Viewer 2003, Compatibility Pack y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de etiquetas malformadas en texto enriquecido, también se conoce como "Excel Rich Text Validation Vulnerability." • https://www.exploit-db.com/exploits/5287 http://dvlabs.tippingpoint.com/advisory/TPTI-08-03 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/archive/1/489430/100/0/threaded http://www.securityfocus.com/bid/28168 http://www.securitytracker.com/id?1019586 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08- • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-0117 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0117
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 y 2002 SP2, y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante valores de formateo condicional (conditional formatting values), también conocido como "Vulnerabilidad Excel de formateo condicional". • https://www.exploit-db.com/exploits/5287 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/bid/28170 http://www.securitytracker.com/id?1019587 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5508 •
CVE-2008-0111 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0111
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 a 2007, Viewer 2003, Compatibility Pack, y Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante registros de validación de datos manipulados, también conocido como "Vulnerabilidad de Registro de Validación de Datos en Excel." • https://www.exploit-db.com/exploits/5287 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/bid/28094 http://www.securitytracker.com/id?1019582 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-0109
https://notcve.org/view.php?id=CVE-2008-0109
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. Word en Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2 y Office Word Viewer 2003, permite a los atacantes remotos ejecutar código arbitrario por medio de campos especialmente diseñados dentro del File Information Block (FIB) de un archivo de Word, lo que desencadena errores de cálculo de longitud y corrupción de memoria. • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28901 http://www.kb.cert.org/vuls/id/692417 http://www.securityfocus.com/archive/1/488071/100/0/threaded http://www.securityfocus.com/bid/27656 http://www.securitytracker.com/id?1019374 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0511/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009 https:/ • CWE-399: Resource Management Errors •
CVE-2007-3899
https://notcve.org/view.php?id=CVE-2007-3899
Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability." Vulnerabilidad no especificada en Microsoft Word 2000 SP3, Word 2002 SP3, Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante cadenas mal formadas en un fichero Word, también conocido como "Vulnerabilidad de Corrupción de Memoria en Word". • http://secunia.com/advisories/27151 http://securitytracker.com/id?1018790 http://www.securityfocus.com/archive/1/482366/100/0/threaded http://www.securityfocus.com/bid/25906 http://www.us-cert.gov/cas/techalerts/TA07-282A.html http://www.vupen.com/english/advisories/2007/3440 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1879 • CWE-94: Improper Control of Generation of Code ('Code Injection') •