CVSS: 9.3EPSS: 24%CPEs: 3EXPL: 0CVE-2010-2728
https://notcve.org/view.php?id=CVE-2010-2728
Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability." Desbordamiento de búfer basado en memoria dinámica en Microsoft Outlook 2002 SP3, 2003 SP3, y 2007 SP2, cuando está habilitado el Online Mode para Exchange Server, permite a los atacantes remotos ejecutar código a su elección a través de un mensaje de e-mail manipulado, también conocido como "Heap Based Buffer Overflow in Outlook Vulnerability". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-064 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 8EXPL: 2CVE-2010-0266 – Microsoft Outlook - 'ATTACH_BY_REF_ONLY' File Execution (MS10-045)
https://notcve.org/view.php?id=CVE-2010-0266
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability." Microsoft Office Outlook 2002 SP3, 2003 SP3, y 2007 SP1 y SP2 no verifica correctamente adjuntos en correo electrónico con un valor adecuado PR_ATTACH_METHOD de ATTACH_BY_REFERENCE, el cual permite a atacantes remotos ayudados por el usuario ejecutar código arbitrario mediante mensajes manipulados, también conocidos como "Vulnerabilidad Microsoft Outlook SMB en adjuntos". • https://www.exploit-db.com/exploits/16700 https://www.exploit-db.com/exploits/16699 http://www.us-cert.gov/cas/techalerts/TA10-194A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623 http://www.akitasecurity.nl/advisory.php?id=AK20091001 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 53%CPEs: 19EXPL: 0CVE-2008-4030
https://notcve.org/view.php?id=CVE-2008-4030
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1, permiten a atacantes remotos ejecutar código de su elección a través de palabras de control manipuladas en ficheros (1) RTF o (2) e-mail con texto enriquecido, lo que provoca una asignación incorrecta de memoria y una corrupción de memoria, también conocida como "Vulnerabilidad Word RTF Object Parsing". Vulnerabilidad diferente de CVE-2008-4028. • http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 39%CPEs: 19EXPL: 0CVE-2008-4026
https://notcve.org/view.php?id=CVE-2008-4026
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Office Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a los atacantes remotos ejecutar arbitrariamente código, a través de un documento Word manipulado que contiene un valor malformado, el cual lanza una corrupción de memoria, alias "Vulnerabilidad de corrupción de memoria en Word". • http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5807 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 53%CPEs: 19EXPL: 0CVE-2008-4031
https://notcve.org/view.php?id=CVE-2008-4031
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección a través de una cadena mal formada en (1) un archivo RTF o (2) una mensaje de correo electrónico con texto enriquecido, que provoca una asignación incorrecta de memoria y una corrupción de memoria, también conocido como "Vulnerabilidad de análisis sintáctico de objeto en Word RTF." • http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5952 • CWE-399: Resource Management Errors •