CVSS: 9.3EPSS: 58%CPEs: 3EXPL: 0CVE-2010-3954
https://notcve.org/view.php?id=CVE-2010-3954
16 Dec 2010 — Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability." Microsoft Publisher 2002 SP3, 2003 SP3, y 2010 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de un fichero Publisher manipulado. También se conoce como "Vulnerabilidad de Corrupción de Memori... • http://www.securitytracker.com/id?1024885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 54%CPEs: 1EXPL: 0CVE-2010-3955
https://notcve.org/view.php?id=CVE-2010-3955
16 Dec 2010 — pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability." pubconv.dll (también conocido como Publisher Converter DLL) en Microsoft Publisher 2002 SP3 no indexa correctamente los arrays, esto permite a atacantes remotos ejecutar código de su elección a través de un fichero Publishe... • http://www.securitytracker.com/id?1024885 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 58%CPEs: 3EXPL: 0CVE-2010-2569
https://notcve.org/view.php?id=CVE-2010-2569
16 Dec 2010 — pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability." pubconv.dll (también conocido como el Publisher Converter DLL) en Microsoft Publisher 2002 SP3, 2003 SP3, y 2007 SP2, no mane... • http://www.securitytracker.com/id?1024885 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 59%CPEs: 4EXPL: 0CVE-2010-2570
https://notcve.org/view.php?id=CVE-2010-2570
16 Dec 2010 — Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability." Desbordamiento de búfer basado en memoria dinámica en pubconv.dll (también conocido como Publisher Converter DLL) en Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, y 2010, permite a atacantes remotos causar una de... • http://www.securitytracker.com/id?1024885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 58%CPEs: 2EXPL: 0CVE-2010-2571
https://notcve.org/view.php?id=CVE-2010-2571
16 Dec 2010 — Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability." Error de índice de matriz en pubconv.dll (también conocido como Publisher Converter DLL) en Microsoft Publisher 2002 Service Pack 3 y Service Pack 3 de 2003 permite a atacantes remotos ejecutar código de su elección a través de un ... • http://www.securitytracker.com/id?1024885 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 62%CPEs: 4EXPL: 0CVE-2010-0479 – Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2010-0479
13 Apr 2010 — Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability." Desbordamiento del búfer en Microsoft Office Publisher 2002 SP3, 2003 SP3, y 2007 SP1 y SP2 permite a atacantes remotos ejecutar codigo de su elección a través de un fichero Publisher manipulado, conocido como "Microsoft Office Publisher File Con... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 2%CPEs: 30EXPL: 0CVE-2009-3731
https://notcve.org/view.php?id=CVE-2009-3731
16 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) ... • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 59%CPEs: 3EXPL: 0CVE-2008-0102
https://notcve.org/view.php?id=CVE-2008-0102
12 Feb 2008 — Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability." Vulnerabilidad no especificada de Microsoft Office Publisher 2000, 2002, y 2003 SP2 permite a atacantes remotos ejecutar código de su elección a través del fichero manipulado .pub, relativo a invalidad "valores de memoria", también conocido como "Publisher Invalid... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 20%CPEs: 5EXPL: 0CVE-2007-6534
https://notcve.org/view.php?id=CVE-2007-6534
27 Dec 2007 — Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. Múltiples vulnerabilidades no especificadas en Microsoft Office Publisher permiten a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída de aplicación) mediante un archivo PUB manipulado, posiblemente involucrando un wordart. • http://securityreason.com/securityalert/3490 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 62%CPEs: 36EXPL: 0CVE-2007-0671
https://notcve.org/view.php?id=CVE-2007-0671
03 Feb 2007 — Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de vectores de ataque descon... • http://osvdb.org/31901 •