CVE-2006-3649
https://notcve.org/view.php?id=CVE-2006-3649
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents. Desbordamiento de búfer en Microsoft Visual Basic para Aplicaciones (VBA) SDK 6.0 hasta 6.4, como se usa en Microsoft Office 2000 SP3, Office XPSP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, y Works Suite 2004 hasta 2006, permite a atacantes remotos con intervención del usuario ejecutar código de su elección mediante propiedades de documento no especificadas que no son verificadas cuando VBA es invocado para abrir documentos. • http://secunia.com/advisories/21408 http://securitytracker.com/id?1016656 http://www.kb.cert.org/vuls/id/159484 http://www.securityfocus.com/bid/19414 http://www.us-cert.gov/cas/techalerts/TA06-220A.html http://www.vupen.com/english/advisories/2006/3214 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A694 •
CVE-2003-0347 – Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 - Document Handling Buffer Overrun
https://notcve.org/view.php?id=CVE-2003-0347
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter. • https://www.exploit-db.com/exploits/23094 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html http://marc.info/?l=bugtraq&m=106262077829157&w=2 http://secunia.com/advisories/9666 http://www.kb.cert.org/vuls/id/804780 http://www.securityfocus.com/bid/8534 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037 •