CVSS: 9.3EPSS: 22%CPEs: 3EXPL: 0CVE-2009-0095
https://notcve.org/view.php?id=CVE-2009-0095
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3 y 2007 SP1 no valida adecuadamente los datos Object de los ficheros Visio, esto permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado. También se conoce como "Vulnerabilidad de Validación de Memoria". • http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0391 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 22%CPEs: 3EXPL: 0CVE-2009-0096
https://notcve.org/view.php?id=CVE-2009-0096
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability." Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 no realiza correctamente la copia de memoria para los datos de objetos, lo que permite a atacantes remotos ejecutar código a su elección a través de un documento de Visio manipulado, también conocido como "Vulnerabilidad de corrupción de memoria" • http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0391 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 9%CPEs: 3EXPL: 0CVE-2009-0097
https://notcve.org/view.php?id=CVE-2009-0097
Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." Microsoft Office Visio v2002 SP2 and v2003 SP3 no valida de forma adecuada el posicionamiento en memoria de los ficheros Visio, lo que permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado, también conocido como "Memory Corruption Vulerability" • http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0391 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 69%CPEs: 22EXPL: 0CVE-2008-3012
https://notcve.org/view.php?id=CVE-2008-3012
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability." gdiplus.dll en GDI+ de Microsoft Internet Explorer 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008 y Forefront Client Security 1.0 no realiza correctamente la asignación de memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante un archivo de imagen EMF mal formado, también conocido como "GDI+ EMF Memory Corruption Vulnerability (Vulnerabilidad de Corrupción de Memoria GDI+EMF)". • http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/bid/31019 http://www.securitytracker.com/id?1020835 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com/english/advisories/2008/2696 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 62%CPEs: 22EXPL: 0CVE-2008-3014
https://notcve.org/view.php?id=CVE-2008-3014
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." Desbordamiento de búfer en gdiplus.dll en GDI+ en Microsoft Internet Explorer 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security 1.0, permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen WMF que lanza una asignación de memoria inadecuada, también conocida como "Vulnerabilidad GDI+ WMF Buffer Overrun". • http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/bid/31021 http://www.securitytracker.com/id?1020837 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com/english/advisories/2008/2696 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •