Page 82 of 446 results (0.019 seconds)

CVSS: 9.3EPSS: 77%CPEs: 11EXPL: 0

Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used. Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 para Mac y Office v.X para Mac no maneja apropiadamente ciertos códigos de operación, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo XLS especialmente diseñado, lo que resulta en un "Improper Memory Access Vulnerabilityā€¯. NOTA: una divulgación temprana de este problema usó CVE-2006-3432, pero sólo CVE-2007-0028 debe ser usado. • http://secunia.com/advisories/23676 http://securitytracker.com/id?1017485 http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html http://www.kb.cert.org/vuls/id/493185 http://www.osvdb.org/31249 http://www.securityfocus.com/archive/1/457274/100/0/threaded http://www.securityfocus.com/bid/21952 http://www.us-cert.gov/cas/techalerts/TA07-009A.html http://www.vupen.com/english/advisories/2007 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 93%CPEs: 6EXPL: 0

Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability." Un desbordamiento de búfer en la funcionalidad Advanced Search (Finder.exe) de Microsoft Outlook 2000, 2002 y 2003, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo Outlook Saved Searches (OSS) que desencadena daños en la memoria , también se conoce como "Microsoft Outlook Advanced Find Vulnerabilityā€¯. • http://secunia.com/advisories/23674 http://securitytracker.com/id?1017488 http://www.computerterrorism.com/research/ct09-01-2007.htm http://www.kb.cert.org/vuls/id/271860 http://www.osvdb.org/31254 http://www.securityfocus.com/archive/1/456589/100/0/threaded http://www.securityfocus.com/archive/1/457274/100/0/threaded http://www.securityfocus.com/bid/21936 http://www.us-cert.gov/cas/techalerts/TA07-009A.html http://www.vupen.com/english/advisories/2007/0104 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 92%CPEs: 11EXPL: 0

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption. Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 para Mac, y v.X para Mac permite a atacantes remotos ejecutar código de su elección mediante registros IMDATA mal formados que provocan una corrupción de memoria. • http://securitytracker.com/id?1017487 http://www.kb.cert.org/vuls/id/749964 http://www.osvdb.org/31255 http://www.securityfocus.com/archive/1/457274/100/0/threaded http://www.securityfocus.com/bid/21856 http://www.us-cert.gov/cas/techalerts/TA07-009A.html http://www.vupen.com/english/advisories/2007/0103 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11 •

CVSS: 4.3EPSS: 30%CPEs: 6EXPL: 0

Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers. Microsoft Outlook 2000, 2002, y 2003 permite a atacantes remotos con la implicación del usuario provocar una denegación de servicio (consumo de memoria e interrupción de recuperación de correo) mediante información de cabecera mal-formada, posiblemente relacionado con (1)lineas de asunto largas o (2)gran número de recipientes en las cabeceras To o CC. • http://blogs.securiteam.com/index.php/archives/347 http://linuxbox.org/pipermail/funsec/2006-March/005208.html http://osvdb.org/ref/24/24081-outlook1.txt http://secunia.com/advisories/23674 http://securitytracker.com/id?1017488 http://www.kb.cert.org/vuls/id/617436 http://www.osvdb.org/31253 http://www.securityfocus.com/archive/1/457274/100/0/threaded http://www.securityfocus.com/bid/21937 http://www.us-cert.gov/cas/techalerts/TA07-009A.html http://www.v • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 95%CPEs: 11EXPL: 3

Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456. Vulnerabilidad no especificada en Microsoft Word 2000, 2002, y Word Viewer 2003 permite a atacantes remotos con la intervención del usuario, ejecutar código de su elección mediante un fichero DOC manipulado que dispara una corrupción de memoria, como se demuestra con el fichero 12122006-djtest.doc, vulnerabilidad diferente a CVE-2006-5994 y CVE-2006-6456. • https://www.exploit-db.com/exploits/2922 http://blogs.securiteam.com/?p=763 http://blogs.technet.com/msrc/archive/2006/12/15/update-on-current-word-vulnerability-reports.aspx http://research.eeye.com/html/alerts/zeroday/20061212.html http://securitytracker.com/id?1017390 http://www.infoworld.com/article/06/12/13/HNthirdword_1.html http://www.kb.cert.org/vuls/id/996892 http://www.milw0rm.com/sploits/12122006-djtest.doc http://www.securityfocus.com/archive/1/454219/30 •