CVE-2008-0312
https://notcve.org/view.php?id=CVE-2008-0312
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en el AutoFix Support Tool ActiveX control 2.7.0.1 en SYMADATA.DLL de múltiples productos de Symantec Norton, incluyendo Norton 360 1.0, AntiVirus 2006 hasta 2008, Internet Security 2006 hasta 2008, y System Works 2006 hasta 2008; permite a atacantes remotos ejecutar código de su elección mediante un argumento largo al método GetEventLogInfo. NOTA: Algunos de estos detalles se han obtenido de información de terceros. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677 http://secunia.com/advisories/29660 http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html http://www.securityfocus.com/bid/28507 http://www.securitytracker.com/id?1019751 http://www.securitytracker.com/id?1019752 http://www.securitytracker.com/id?1019753 http://www.vupen.com/english/advisories/2008/1077/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41629 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-0216 – Microsoft Office 2003 - '.wps' Local Stack Overflow (MS08-011)
https://notcve.org/view.php?id=CVE-2007-0216
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability." La biblioteca wkcvqd01.dll en Microsoft Works versión 6 File Converter, tal y como es usado en Office 2003 SP2, Works versión 8.0 y Works Suite 2005, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo .wps con encabezados de longitud de sección diseñados, también se conoce como "Microsoft Works File Converter Input Validation Vulnerability". • https://www.exploit-db.com/exploits/5107 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659 http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28904 http://www.securityfocus.com/bid/27657 http://www.securitytracker.com/id?1019386 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0513/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011 https: • CWE-20: Improper Input Validation •
CVE-2008-0105 – Microsoft Office 2003 - '.wps' Local Stack Overflow (MS08-011)
https://notcve.org/view.php?id=CVE-2008-0105
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability." Microsoft Works 6 File Converter, como el utilizado en Office 2003 SP2 y SP3, Works 8.0, y Works Suite 2005, permite a atacantes remotos ejecutar código de su elección a través de un fichero .wps con una sección de la cabecera de índice de la tabla de información manipulada, también conocida como "Vulnerabilidad en Tabla Índice de Microsoft Works File Converter" • https://www.exploit-db.com/exploits/5107 http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28904 http://www.securityfocus.com/bid/27658 http://www.securitytracker.com/id?1019387 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0513/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-20: Improper Input Validation •
CVE-2008-0108 – Microsoft Office 2003 - '.wps' Local Stack Overflow (MS08-011)
https://notcve.org/view.php?id=CVE-2008-0108
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability." Un desbordamiento de búfer en la región stack de la memoria en la biblioteca wkcvqd01.dll en Microsoft Works versión 6 File Converter, tal y como es usado en Office 2003 SP2 y SP3, Works versión 8.0 y Works Suite 2005, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo .wps con longitudes de campo diseñado, también se conoce como "Microsoft Works File Converter Field Length Vulnerability". • https://www.exploit-db.com/exploits/5107 https://www.exploit-db.com/exploits/31118 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660 http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28904 http://www.securityfocus.com/bid/27659 http://www.securitytracker.com/id?1019388 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0513/references https://docs.microsoft.com/en-us/sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-1202
https://notcve.org/view.php?id=CVE-2007-1202
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." Word (o Word Viewer) en Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 para Mac y Works Suite 2004, 2005 y 2006 no analiza apropiadamente ciertas "property strings of certain control words”, de texto enriquecido, lo que permite que los atacantes remotos asistidos por el usuario desencadenen corrupción de pila y ejecutar código arbitrario, también se conoce como la "Word RTF Parsing Vulnerability". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525 http://www.kb.cert.org/vuls/id/555489 http://www.osvdb.org/34388 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23836 http://www.securitytracker.com/id?1018013 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1709 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024 https:/ • CWE-20: Improper Input Validation •