CVSS: 9.3EPSS: 86%CPEs: 11EXPL: 0CVE-2009-0557 – Microsoft Office Object Record Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0557
10 Jun 2009 — Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerabil... • http://osvdb.org/54953 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 55%CPEs: 16EXPL: 0CVE-2009-0558
https://notcve.org/view.php?id=CVE-2009-0558
10 Jun 2009 — Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability." Error de índice de matriz en Excel en Office 2000 SP3 y Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un ... • http://osvdb.org/54954 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 60%CPEs: 16EXPL: 0CVE-2009-0559
https://notcve.org/view.php?id=CVE-2009-0559
10 Jun 2009 — Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability." Desbordamiento de búfer basado en pila en Excel en Microsoft Office 2000 SP3 y Office XP SP3, permite a atacantes remotos ejecutar código de su elección a través de un archivo Excel con un objeto de registro mal formado, también conocido como "Vulnerabilidad String Co... • http://www.securityfocus.com/bid/35243 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 66%CPEs: 16EXPL: 0CVE-2009-0560
https://notcve.org/view.php?id=CVE-2009-0560
10 Jun 2009 — Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruptio... • http://osvdb.org/54956 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 66%CPEs: 16EXPL: 0CVE-2009-0561
https://notcve.org/view.php?id=CVE-2009-0561
10 Jun 2009 — Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 62%CPEs: 16EXPL: 0CVE-2009-1134 – Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1134
10 Jun 2009 — Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability." Excel en 2007 Office System SP1 y SP2 de Microsoft; Office Excel Viewer de Microsoft; y Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007... • http://osvdb.org/54958 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 73%CPEs: 6EXPL: 0CVE-2008-4032
https://notcve.org/view.php?id=CVE-2008-4032
10 Dec 2008 — Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." Microsoft Office SharePoint Server 2007 Gold y SP1 y Microsoft Search Server 2008 no realizan aprop... • http://secunia.com/advisories/33063 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 58%CPEs: 41EXPL: 1CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
12 Nov 2008 — Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expre... • https://www.exploit-db.com/exploits/7196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 60%CPEs: 16EXPL: 0CVE-2008-4019 – Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4019
14 Oct 2008 — Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerabili... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 68%CPEs: 15EXPL: 0CVE-2008-3006 – Microsoft Excel COUNTRY Record Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3006
12 Aug 2008 — Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 ... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-399: Resource Management Errors •