7 results (0.004 seconds)

CVSS: 6.8EPSS: 86%CPEs: 14EXPL: 1

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538. • https://www.exploit-db.com/exploits/26769 http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538 http://informationweek.com/story/showArticle.jhtml?articleID=174910198 http://news.com.com/2061-10789_3-5988086.html http://news.zdnet.com/2100-1009_22-5989078.html http://secunia.com/advisories/19138 http://secunia.com/advisories/19238 http://securityreason.com/securityalert/584 http://securityreason.com/securityalert/591 http://securitytracker.com/id?1015333 http://securitytracker.com •

CVSS: 5.0EPSS: 2%CPEs: 18EXPL: 3

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure." Microsoft Word y Excel permite a atacantes remotos robar información sensible mediante ciertos códigos de campo que insertan la información cuando el documento es devuelto al atacante, como ha sido demostrado en Word usando INCLUDETEXT o INCLUDEPICTURE, tambien conocido como "Fallo en campos de Word y actualizaciones externas de Excel podría conducir a revelamiento de Información" • https://www.exploit-db.com/exploits/21812 https://www.exploit-db.com/exploits/21764 http://marc.info/?l=bugtraq&m=103040003014999&w=2 http://marc.info/?l=bugtraq&m=103252858816401&w=2 http://www.iss.net/security_center/static/10008.php http://www.iss.net/security_center/static/10155.php http://www.kb.cert.org/vuls/id/899713 http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp http://www.securityfocus.com/bid/5586 htt •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document. • http://online.securityfocus.com/archive/1/218802 http://www.cert.org/advisories/CA-2001-28.html http://www.kb.cert.org/vuls/id/287067 http://www.securityfocus.com/bid/3402 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/7223 •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability. • http://www.securityfocus.com/bid/1451 http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290%40nat.bg https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-051 https://exchange.xforce.ibmcloud.com/vulnerabilities/5016 •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability. • http://www.securityfocus.com/bid/1399 http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB%40nat.bg https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049 •