Page 9 of 50 results (0.107 seconds)

CVSS: 9.3EPSS: 79%CPEs: 19EXPL: 0

CVE-2008-4027 – Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2008-4027

Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability." Vulnerabilidad de Doble Liberación en Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; y Office 2004 para Mac permite a los atacantes remotos ejecutar código arbitrario por medio de un (1) archivo RTF o (2) un mensaje de correo electrónico de texto enriquecido con múltiples etiquetas consecutivas de Objeto de Dibujo ("\do"), que desencadena una "memory calculation error" y una corrupción de memoria, también se conoce como "Word RTF Object Parsing Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. • http://www.securityfocus.com/archive/1/499062/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 http://www.zerodayinitiative.com/advisories/ZDI-08-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6098 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 74%CPEs: 5EXPL: 0

CVE-2008-0110

https://notcve.org/view.php?id=CVE-2008-0110

Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI. Vulnerabilidad no especificada de Microsoft Outlook en Office 2000 SP3, XP SP3, 2003 SP2 y Sp3, y sistemas Office permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante la modificación de un mailto URI. • http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://secunia.com/advisories/29320 http://www.kb.cert.org/vuls/id/393305 http://www.securityfocus.com/bid/28147 http://www.securitytracker.com/id?1019579 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0847/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval& • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 95%CPEs: 3EXPL: 0

CVE-2007-3897

https://notcve.org/view.php?id=CVE-2007-3897

Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption. Un desbordamiento de búfer en la región heap de la memoria en Microsoft Outlook Express versión 6 y anteriores, y Windows Mail para Vista, permite que los servidores remotos de Network News Transfer Protocol (NNTP) ejecuten código arbitrario por medio de las respuestas NNTP largas que desencadenan una corrupción de la memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607 http://secunia.com/advisories/27112 http://securitytracker.com/id?1018785 http://securitytracker.com/id?1018786 http://www.securityfocus.com/archive/1/481983/100/100/threaded http://www.securityfocus.com/archive/1/482366/100/0/threaded http://www.securityfocus.com/bid/25908 http://www.us-cert.gov/cas/techalerts/TA07-282A.html http://www.vupen.com/english/advisories/2007/3436 https://docs.microsoft.com/e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 94%CPEs: 36EXPL: 0

CVE-2007-0671

https://notcve.org/view.php?id=CVE-2007-0671

Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. • http://osvdb.org/31901 http://secunia.com/advisories/24008 http://securitytracker.com/id?1017584 http://vil.nai.com/vil/content/v_141393.htm http://www.avertlabs.com/research/blog/?p=191 http://www.kb.cert.org/vuls/id/613740 http://www.microsoft.com/technet/security/advisory/932553.mspx http://www.securityfocus.com/bid/22383 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0463 https://docs.microsoft.com •

CVSS: 9.3EPSS: 76%CPEs: 6EXPL: 0

CVE-2007-0033

https://notcve.org/view.php?id=CVE-2007-0033

Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file. Microsoft Outlook 2002 y 2003 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de un registro VEVENT mal formado en la petición .iCal meeting o un fichero ICS. • http://secunia.com/advisories/23674 http://securitytracker.com/id?1017488 http://www.kb.cert.org/vuls/id/476900 http://www.osvdb.org/31252 http://www.securityfocus.com/archive/1/457274/100/0/threaded http://www.securityfocus.com/bid/21931 http://www.us-cert.gov/cas/techalerts/TA07-009A.html http://www.vupen.com/english/advisories/2007/0104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-003 https://oval.cisecurity.org/repository/search/ •