CVE-2008-0117 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0117
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 y 2002 SP2, y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante valores de formateo condicional (conditional formatting values), también conocido como "Vulnerabilidad Excel de formateo condicional". • https://www.exploit-db.com/exploits/5287 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/bid/28170 http://www.securitytracker.com/id?1019587 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5508 •
CVE-2008-0103
https://notcve.org/view.php?id=CVE-2008-0103
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability." Vulnerabilidad sin especificar en Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2 y Office 2004 para Mac. Permite a atacantes remotos ejecutar código de su elección a través de un documento de Office que contiene un objeto mal formado, relacionado con un "error de gestión de memoria" también conocido como "Microsoft Office Execution Jump Vulnerability." • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28909 http://www.securityfocus.com/bid/27738 http://www.securitytracker.com/id?1019375 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0515/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-013 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5407 • CWE-399: Resource Management Errors •
CVE-2008-0104
https://notcve.org/view.php?id=CVE-2008-0104
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." Vulnerabilidad sin especificar en Microsoft Office Publisher 2000, 2002 y 2003 SP2. Permite a atacantes remotos ejecutar código de su elección a través de un archivo .pub manipulado, también conocido como "Publisher Memory Corruption Vulnerability." • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28906 http://www.securityfocus.com/bid/27740 http://www.securitytracker.com/id?1019377 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0514/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4547 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-0109
https://notcve.org/view.php?id=CVE-2008-0109
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. Word en Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2 y Office Word Viewer 2003, permite a los atacantes remotos ejecutar código arbitrario por medio de campos especialmente diseñados dentro del File Information Block (FIB) de un archivo de Word, lo que desencadena errores de cálculo de longitud y corrupción de memoria. • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28901 http://www.kb.cert.org/vuls/id/692417 http://www.securityfocus.com/archive/1/488071/100/0/threaded http://www.securityfocus.com/bid/27656 http://www.securitytracker.com/id?1019374 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0511/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009 https:/ • CWE-399: Resource Management Errors •
CVE-2007-6329
https://notcve.org/view.php?id=CVE-2007-6329
Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container. Microsoft Office 2007 12.0.6015.5000 y MSO 12.0.6017.5000 no firma la meta-información de documentos Office Open XML (OOXML), lo cual hace más fácil para atacantes remotos modificar campos de meta-datos Dublin Core, como ha sido demostrado por los campos (1) LastModifiedBy y (2) creator en docProps/core.xml en el contenedor OOXML ZIP. • http://osvdb.org/44938 http://securityreason.com/securityalert/3443 http://www.securityfocus.com/archive/1/484919/100/0/threaded http://www.securityfocus.com/bid/26833 https://exchange.xforce.ibmcloud.com/vulnerabilities/39021 • CWE-255: Credentials Management Errors •