CVSS: 9.3EPSS: 10%CPEs: 8EXPL: 0CVE-2008-4266
https://notcve.org/view.php?id=CVE-2008-4266
Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability." Microsoft Office Excel 2000 SP3, 2002 SP3 y 2003 SP3; Excel Viewer 2003 Gold y SP3; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac, permite a los atacantes remotos ejecutar código arbitrario por medio de una hoja de cálculo de Excel con un registro NAME que contiene un valor de índice no válido, que desencadena una corrupción de pila, también se conoce como "Excel Global Array Memory Corruption Vulnerability". • http://secunia.com/secunia_research/2008-36 http://www.securityfocus.com/archive/1/499055/100/0/threaded http://www.securitytracker.com/id?1021368 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3386 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5808 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 88%CPEs: 4EXPL: 1CVE-2008-0114 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0114
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 a 2003 SP2, Viewer 2003, y Office para Mac 2004 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante registros Style manipulados que que disparan corrupción de memoria. • https://www.exploit-db.com/exploits/5287 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/bid/28166 http://www.securitytracker.com/id?1019584 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5456 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 82%CPEs: 7EXPL: 1CVE-2008-0111 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0111
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 a 2007, Viewer 2003, Compatibility Pack, y Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante registros de validación de datos manipulados, también conocido como "Vulnerabilidad de Registro de Validación de Datos en Excel." • https://www.exploit-db.com/exploits/5287 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/bid/28094 http://www.securitytracker.com/id?1019582 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 84%CPEs: 7EXPL: 1CVE-2008-0115 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0115
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability." Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 hasta 2007, Viewer 2003, Pack de compatibilidad (Compatibility Pack), and Office para Mac 2004 permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante formulas mal formadas, también conocido como "Vulnerabilidad de análisis sintáctico de formulas" (Excel Formula Parsing Vulnerability). • https://www.exploit-db.com/exploits/5287 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/bid/28167 http://www.securitytracker.com/id?1019585 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5512 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 84%CPEs: 7EXPL: 1CVE-2008-0116 – Microsoft Excel - Code Execution (MS08-014)
https://notcve.org/view.php?id=CVE-2008-0116
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." Microsoft Excel 2000 SP3 hasta 2003 SP2, Viewer 2003, Compatibility Pack y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de etiquetas malformadas en texto enriquecido, también se conoce como "Excel Rich Text Validation Vulnerability." • https://www.exploit-db.com/exploits/5287 http://dvlabs.tippingpoint.com/advisory/TPTI-08-03 http://marc.info/?l=bugtraq&m=120585858807305&w=2 http://www.securityfocus.com/archive/1/489430/100/0/threaded http://www.securityfocus.com/bid/28168 http://www.securitytracker.com/id?1019586 http://www.us-cert.gov/cas/techalerts/TA08-071A.html http://www.vupen.com/english/advisories/2008/0846/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08- • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •