CVSS: 4.3EPSS: 58%CPEs: 41EXPL: 1CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
12 Nov 2008 — Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expre... • https://www.exploit-db.com/exploits/7196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 63%CPEs: 10EXPL: 0CVE-2008-1455
https://notcve.org/view.php?id=CVE-2008-1455
13 Aug 2008 — A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability." Un error en el cálculo de memoria en Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, y 2007 incluyendo el SP1; y Compatibil... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 40%CPEs: 9EXPL: 5CVE-2008-2752 – Microsoft Word 2000/2002 - Bulleted List Handling Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2008-2752
18 Jun 2008 — Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information. Microsoft Word 2000 9.0.2812 y 2003 11.8106.8172, no gestiona correctamente las listas desordenadas, lo que permite a atacantes asistidos por el usuario, provocar una denega... • https://www.exploit-db.com/exploits/31934 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 60%CPEs: 12EXPL: 0CVE-2008-1434
https://notcve.org/view.php?id=CVE-2008-1434
13 May 2008 — Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption. Una vulnerabilidad de uso de la memoria previamente liberada en Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacante... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 58%CPEs: 12EXPL: 0CVE-2008-1091 – Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-1091
13 May 2008 — Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." Vulnerabilidad no especificada de Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecu... • http://marc.info/?l=bugtraq&m=121129490723574&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 63%CPEs: 9EXPL: 0CVE-2008-1092
https://notcve.org/view.php?id=CVE-2008-1092
25 Mar 2008 — Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026. Un desbordamiento de búfer en la biblioteca msjet40.dll anterior a la versión 4.0.9505.0 en el Motor de Base de datos de Microsoft Jet permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de Word ... • http://marc.info/?l=bugtraq&m=121129490723574&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 69%CPEs: 7EXPL: 1CVE-2008-0111 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0111
11 Mar 2008 — Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 a 2007, Viewer 2003, Compatibility Pack, y Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante registros de v... • https://www.exploit-db.com/exploits/5287 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 71%CPEs: 7EXPL: 1CVE-2008-0115 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0115
11 Mar 2008 — Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 hasta 2007, Viewer 2003, Pack de compatibilidad (Compatibility Pack), and Office para Mac 2004 permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante formulas ma... • https://www.exploit-db.com/exploits/5287 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 74%CPEs: 7EXPL: 1CVE-2008-0116 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0116
11 Mar 2008 — Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." Microsoft Excel 2000 SP3 hasta 2003 SP2, Viewer 2003, Compatibility Pack y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de etiquetas malformadas en texto enriquecido, también se conoce... • https://www.exploit-db.com/exploits/5287 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 74%CPEs: 12EXPL: 1CVE-2008-0117 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0117
11 Mar 2008 — Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 y 2002 SP2, y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante valores de formateo condicional (conditional formatting valu... • https://www.exploit-db.com/exploits/5287 •