CVSS: 9.3EPSS: 69%CPEs: 5EXPL: 0CVE-2008-3021 – Microsoft Windows Graphics Rendering Engine PICT Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3021
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018. Office 2000 SP3, XP SP3 y 2003 SP2; Office Converter Pack; y Works versión 8 de Microsoft, no analizan apropiadamente la longitud de un archivo PICT, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PICT diseñado con un campo bits_per_pixel no válido, también se conoce como la "PICT Filter Parsing Vulnerability" una vulnerabilidad diferente de CVE-2008-3018. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of PICT images in an office document. Due to improper parsing of the bits_per_pixel field in a PICT image a heap overflow can occur. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31336 http://www.securityfocus.com/archive/1/495429/100/0/threaded http://www.securityfocus.com/bid/30598 http://www.securitytracker.com/id?1020673 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2348 http://www.zerodayinitiative.com/advisories/ZDI-08-049 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044 https:/ • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 23EXPL: 0CVE-2008-3068
https://notcve.org/view.php?id=CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como las usadas en Outlook, Windows Live Mail, y Office 2007, realiza una lista de revocación de certificado (CRL) utilizando una URL arbitraria de un certificado incluido en (1) mensaje de correo electrónico S/MIME o (2) documento firmado, lo que permite a atacantes remotos conseguir tiempos de lectura y direcciones IP de recipientes, y resultados de escaneo de puerto, a través de un certificado manipulado con una extensión de de una Authority Information Access (AIA). • http://securityreason.com/securityalert/3978 http://www.securityfocus.com/archive/1/493947/100/0/threaded http://www.securityfocus.com/archive/1/494101/100/0/threaded http://www.securityfocus.com/bid/28548 http://www.securitytracker.com/id?1019736 http://www.securitytracker.com/id?1019737 http://www.securitytracker.com/id?1019738 https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt https://www.cynops.de/advisories/AK •
CVSS: 9.3EPSS: 74%CPEs: 6EXPL: 0CVE-2008-0119
https://notcve.org/view.php?id=CVE-2008-0119
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability." Vulnerabilidad sin especificar en Microsoft publisher en Office XP SP3, 2003 SP2 y SP3 y 2007 SP1 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de un fichero publisher con datos en el objeto de cabecera manipulados lo que provoca una corrupción de memoria, también conocido como "Vulnerabilidad en la validación del manejo del objeto"· • http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://secunia.com/advisories/30150 http://www.securityfocus.com/archive/1/492073/100/0/threaded http://www.securityfocus.com/bid/29158 http://www.securitytracker.com/id?1020015 http://www.us-cert.gov/cas/techalerts/TA08-134A.html http://www.vupen.com/english/advisories/2008/1505/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-027 https://oval.cisecurity.org/repository/search/definition/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 80%CPEs: 12EXPL: 0CVE-2008-1434
https://notcve.org/view.php?id=CVE-2008-1434
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption. Una vulnerabilidad de uso de la memoria previamente liberada en Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un documento HTML con un gran número de Cascading Style Sheets (CSS), relacionado con un "memory handling error" que desencadena una corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700 http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://secunia.com/advisories/30143 http://www.securityfocus.com/bid/29105 http://www.securitytracker.com/id?1020014 http://www.us-cert.gov/cas/techalerts/TA08-134A.html http://www.vupen.com/english/advisories/2008/1504/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026 https://oval.cisecurity.org/repository/search/definit • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 68%CPEs: 12EXPL: 0CVE-2008-1091 – Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-1091
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." Vulnerabilidad no especificada de Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar código arbitrariamente a través de un archivo de Formato de Texto Enriquecido (.rtf) con una cadena mal formada que provoca un “error de cálculo en memoria” y un desbordamiento de búfer basado en el montículo (heap), también conocido como “Vulnerabilidad de análisis sintáctico de Objeto.” This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. • http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://secunia.com/advisories/30143 http://www.kb.cert.org/vuls/id/543907 http://www.securityfocus.com/archive/1/492020/100/0/threaded http://www.securityfocus.com/bid/29104 http://www.securitytracker.com/id?1020013 http://www.us-cert.gov/cas/techalerts/TA08-134A.html http://www.vupen.com/english/advisories/2008/1504/references http://www.zerodayinitiative.com/advisories/ZDI-08-023 https://docs.microsoft.com/en-u • CWE-94: Improper Control of Generation of Code ('Code Injection') •