Page 9 of 65 results (0.007 seconds)

CVSS: 6.8EPSS: 74%CPEs: 8EXPL: 0

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." Word (o Word Viewer) en Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 para Mac y Works Suite 2004, 2005 y 2006 no analiza apropiadamente ciertas "property strings of certain control words”, de texto enriquecido, lo que permite que los atacantes remotos asistidos por el usuario desencadenen corrupción de pila y ejecutar código arbitrario, también se conoce como la "Word RTF Parsing Vulnerability". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525 http://www.kb.cert.org/vuls/id/555489 http://www.osvdb.org/34388 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23836 http://www.securitytracker.com/id?1018013 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1709 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024 https:/ • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 10%CPEs: 11EXPL: 0

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. Microsoft Word en Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 hasta 2006 y Office 2004 para Mac, no comprueba correctamente las propiedades de ciertos documentos y advierte al usuario del contenido de macros, lo que permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario. • http://www.osvdb.org/34385 http://www.securityfocus.com/bid/22477 http://www.securitytracker.com/id?1017639 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0583 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A700 • CWE-20: Improper Input Validation •

CVSS: 7.6EPSS: 81%CPEs: 1EXPL: 0

Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. Vulnerabilidad no especificada en Microsoft Word 2000 permite a atacantes remotos provocar denegación de servicio (caida) a través de vectores desconocidos, una vulnerabilidad diferente que CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, y CVE-2007-0515, una variante de Exploit-MS06-027. • http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0370.html http://osvdb.org/33196 http://secunia.com/advisories/24122 http://www.avertlabs.com/research/blog/?p=199 http://www.avertlabs.com/research/blog/?p=206 http://www.kb.cert.org/vuls/id/332404 http://www.microsoft.com/technet/security/advisory/933052.mspx http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/22567 http://www.securitytracker.com/id?1017653 •

CVSS: 9.3EPSS: 94%CPEs: 36EXPL: 0

Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de vectores de ataque desconocidos, como es demostrado por el archivo Exploit-MSExcel.h en ataques de día cero dirigidos. • http://osvdb.org/31901 http://secunia.com/advisories/24008 http://securitytracker.com/id?1017584 http://vil.nai.com/vil/content/v_141393.htm http://www.avertlabs.com/research/blog/?p=191 http://www.kb.cert.org/vuls/id/613740 http://www.microsoft.com/technet/security/advisory/932553.mspx http://www.securityfocus.com/bid/22383 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0463 https://docs.microsoft.com •

CVSS: 9.3EPSS: 96%CPEs: 11EXPL: 2

Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. Una vulnerabilidad no especificada en Microsoft Word, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario en Word 2000, y causar una denegación de servicio en Word 2003, por medio de vectores de ataque desconocidos que desencadenan una corrupción de memoria, como es explotado por Trojan.Mdropper.W y posteriores por Trojan.Mdropper.X, un problema diferente de CVE-2006-6456, CVE-2006-5994, y CVE-2006-6561. • https://www.exploit-db.com/exploits/3260 https://www.exploit-db.com/exploits/29524 http://isc.sans.org/diary.html?storyid=2133 http://osvdb.org/31900 http://secunia.com/advisories/23950 http://securitytracker.com/id?1017564 http://www.kb.cert.org/vuls/id/412225 http://www.microsoft.com/technet/security/advisory/932114.mspx http://www.securityfocus.com/bid/22225 http://www.securityfocus.com/bid/22328 http://www.symantec.com/enterprise/security_response/weblog/2007/0 •