CVSS: 10.0EPSS: 72%CPEs: 9EXPL: 1CVE-2010-1900 – Microsoft Office Word sprmCMajority Record Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1900
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability." Microsoft Office Word 2002 SP3, 2003 SP3, y 2007 SP2; Microsoft Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Office Word Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2; y Works 9 no manejan adecuadamente los registros mal formados, lo que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de archivos manipulados, también conocido como "Word Record parsing Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists in the parsing of sprmCMajority records in a Word document. Due to the lack of parameter checking when processing sprmCMajority sprm groups it is possible to arbitrarily control the amount of data being written to a stack based buffer resulting in a stack overflow vulnerability which can overwrite critical exception structures. • https://www.exploit-db.com/exploits/14971 http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 84%CPEs: 17EXPL: 0CVE-2009-0224
https://notcve.org/view.php?id=CVE-2009-0224
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include ChartBuild containers, which triggers memory corruption, aka "Memory Corruption Vulnerability." Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, y 2007 SP1 y SP2; PowerPoint Viewer 2003 y 2007 SP1 y SP2; PowerPoint en Microsoft Office 2004 para Mac y 2008 para Mac; Open XML File Format Converter para Mac; Microsoft Works 8.5 y 9.0; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2 no valida adecuadamente la lista de registros en ficheros PowerPoint, lo que permite a atantes remotos ejecutar código de su elección a través de ficheros manipulados que lanzan una corrupción de memoria relacionada con un tipo de registro inválido, también conocido como "Vulnerabilidad de corrupción de memoria". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=793 http://secunia.com/advisories/32428 http://www.securityfocus.com/bid/34879 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6023 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 81%CPEs: 19EXPL: 0CVE-2008-4024
https://notcve.org/view.php?id=CVE-2008-4024
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability." Microsoft Office Word 2000 SP3 y 2002 SP3 y Office 2004 para Mac permiten a los atacantes remotos ejecutar código arbitrario por medio de un documento de Word con un campo lcbPlcfBkfSdt creado en el Bloque de Información de Archivos (FIB), que omite un paso de inicialización y activa un "arbitrary free," aka "Word Memory Corruption Vulnerability." • http://www.coresecurity.com/content/word-arbitrary-free http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf http://www.securityfocus.com/archive/1/499086/100/0/threaded http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 41%CPEs: 19EXPL: 0CVE-2008-4026
https://notcve.org/view.php?id=CVE-2008-4026
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Office Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a los atacantes remotos ejecutar arbitrariamente código, a través de un documento Word manipulado que contiene un valor malformado, el cual lanza una corrupción de memoria, alias "Vulnerabilidad de corrupción de memoria en Word". • http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5807 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 61%CPEs: 19EXPL: 0CVE-2008-4030
https://notcve.org/view.php?id=CVE-2008-4030
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1, permiten a atacantes remotos ejecutar código de su elección a través de palabras de control manipuladas en ficheros (1) RTF o (2) e-mail con texto enriquecido, lo que provoca una asignación incorrecta de memoria y una corrupción de memoria, también conocida como "Vulnerabilidad Word RTF Object Parsing". Vulnerabilidad diferente de CVE-2008-4028. • http://www.securitytracker.com/id?1021370 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3384 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737 • CWE-399: Resource Management Errors •