CVSS: 9.3EPSS: 64%CPEs: 15EXPL: 0CVE-2010-0264
https://notcve.org/view.php?id=CVE-2010-0264
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability." Microsoft Office Excel 2002 SP3, Office 2004 y 2008 para Mac y el Conversor de Formatos de Ficheros Open XML -Open XML File Format Converter- para Mac, no analizan adecuadamente los formatos de fichero Excel, esto permite a atacantes remotos ejecutar código de su elección a través de una hoja manipulada. También se conoce como "Vulnerabilidad de análisis de documento en Microsoft Office Excel DbOrParamQry" • http://www.securitytracker.com/id?1023698 http://www.us-cert.gov/cas/techalerts/TA10-068A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7888 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 86%CPEs: 15EXPL: 0CVE-2010-0263 – Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0263
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability." Microsoft Office Excel 2007 SP1 y SP2; Office 2008 para Mac; Open XML File Format Converter para Mac; Office Excel Viewer SP1 y SP2; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2; y Office SharePoint Server 2007 SP1 y SP2 no validan las cabeceras ZIP durante la descompresión de documentos Open XML (.XLSX), lo que permite a atacantes remotos ejecutar código de su elección a través de un documentos manipulado que provoca el acceso a una ubicación de memoria sin inicializar. También conocida como "Vulnerabilidad Microsoft Office Excel XLSX File Parsing Code Execution". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. • http://www.securityfocus.com/archive/1/509979/100/0/threaded http://www.securitytracker.com/id?1023698 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.zerodayinitiative.com/advisories/ZDI-10-025 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8407 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0CVE-2009-3731
https://notcve.org/view.php?id=CVE-2009-3731
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebWorks Help v2.0 a la v5.0 en VMware vCenter v4.0 anterior a Update 1 Build 208156; VMware Server v2.0.2; VMware ESX v4.0; VMware Lab Manager v2.x; VMware vCenter Lab Manager v3.x y v4.x anterior a v4.0.1; VMware Stage Manager v1.x anterior a v4.0.1; WebWorks Publisher v6.x a la v8.x; WebWorks Publisher 2003; y WebWorks ePublisher v9.0.x a la v9.3, 2008.1 a la 2008.4, y 2009.x anterior a 2009.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) wwhelp_entry.html alcanzable a través d index.html y wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, o (5) el componente window.opener en wwhelp/wwhimpl/common/html/bookmark.htm, relacionado con (a) parámetros desconocidos y (b) mensajes usados en los enlaces de "topic" para la funcionalidad de marcadores. • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html http://lists.vmware.com/pipermail/security-announce/2009/000073.html http://secunia.com/advisories/38749 http://secunia.com/advisories/38842 http://securitytracker.com/id?1023683 http://www.osvdb.org/62738 http://www.osvdb.org/62739 http://www.osvdb.org/62740 http://www.osvdb.org/62741 http://www.osvdb.org/62742 http://www.securityfocus.com/archive/1/509883/100/0/threaded http://www.securityfocus. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 93%CPEs: 10EXPL: 0CVE-2009-2506
https://notcve.org/view.php?id=CVE-2009-2506
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow. Desbordamiento de enteros en los convertidores de texto en Microsoft Office Word 2002 SP3 y 2003 SP3; Works versión 8.5; Office Converter Pack; y WordPad en Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo DOC con un número no válido de nombre de propiedad en la transmisión DocumentSummaryInformation, lo que desencadena un desbordamiento del búfer en la región heap de la memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834 http://support.avaya.com/css/P8/documents/100070184 http://www.securityfocus.com/bid/37216 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 85%CPEs: 7EXPL: 0CVE-2009-0102
https://notcve.org/view.php?id=CVE-2009-0102
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." Microsoft Project 2000 SR1 y 2002 SP1 y Office Project 2003 SP3 no maneja de manera apropiada la reserva de memoria para ficheros Project, lo que permite a atacantes remotos ejecutar código de su elección mediante un fichero manipulado. También conocido como "Vulnerabilidad Project Memory Validation". • http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6298 • CWE-399: Resource Management Errors •