59 matches found
Memory corruption
Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."...
CVE-2011-3403
CVE-2011-3403 affects Microsoft Excel 2003 SP3 and Office 2004 for Mac, where improper handling of in-memory objects during parsing of crafted Excel files enables remote code execution. The vulnerability, dubbed “Record Memory Corruption Vulnerability,” is rated CVSSv2 base 9.3 (Network, single a...
CVE-2011-1278
Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."...
CVE-2011-1278
CVE-2011-1278 affects Microsoft Excel 2002 SP3 and Office 2004 for Mac. The issue arises when parsing Excel record information, where input validation failures can lead to remote code execution or memory corruption via a crafted spreadsheet (Excel WriteAV vulnerability). The vulnerability is tied...
Microsoft Office艺术绘图记录解析内存破坏漏洞(MS10-087)
BUGTRAQ ID: 44656 CVE ID: CVE-2010-3334 Microsoft Office是非常流行的办公软件套件。 Office在解析艺术绘图记录时没有充分地执行验证,如果msofbtSp记录指定了某些标志就可以触发内存破坏,导致执行任意代码。 Microsoft Office XP SP3 Microsoft Office for Mac 2011 Microsoft Office 2010 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac Microsoft Office 2003...
Microsoft Office Art Drawing Record Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the...
VUPEN Security Research - Microsoft Office Word Document Buffer Overflow Vulnerability (CVE-2010-2748)
VUPEN Security Research - Microsoft Office Word Document Buffer Overflow Vulnerability CVE-2010-2748 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- Microsoft Office Word, included in the Microsoft Office suite, is a powerful authoring program that gives the ability ...
VUPEN Security Research - Microsoft Office Excel Formula Record Buffer Overflow Vulnerability (CVE-2010-3231)
VUPEN Security Research - Microsoft Office Excel Formula Record Buffer Overflow Vulnerability CVE-2010-3231 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share...
CVE-2010-3221
Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."...
CVE-2010-3216
Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."...
Memory corruption
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."...
CVE-2010-3221
Microsoft Word Remote Code Execution (CVE-2010-3221) arises from memory corruption when parsing crafted Word documents, allowing remote code execution. Affected products across the Word family include Word 2002 SP3, 2003 SP3, Word Viewer, and Office/Word for Mac variants cited in MS10-079 materia...
Microsoft Word Uninitialized Pointer (CVE-2010-2747) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Excel Out-of-Bounds Memory Write (CVE-2010-3241) Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Excel Ghost Record Type Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers...
Microsoft Word RTF解析引擎远程内存破坏漏洞(MS10-056)
BUGTRAQ ID: 42132 CVE ID: CVE-2010-1901 Word是微软Office套件中的文字处理工具。 在处理包含有某些控制字的RTF文档时,RTF解析引擎可能错误的从RTF文件读取值,导致内存破坏。成功利用此漏洞的攻击者可以获得与本地用户相同的权限。 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac Microsoft Word 2007 SP2 Microsoft Word 2003 SP3 Microsoft Word 2002 SP3 临时解决方法: 以纯文本格式阅读电子邮件。...
Microsoft Word sprmCMajority记录解析栈溢出漏洞(MS10-056)
BUGTRAQ ID: 42136 CVE ID: CVE-2010-1900 Word是微软Office套件中的文字处理工具。 在解析Word文档中的sprmCMajority记录时,由于处理sprmCMajority sprm组没有对参数执行检查,攻击者可以控制写入到栈缓冲区中的数据数量,触发栈溢出。成功利用此漏洞的攻击者可完全控制受影响的系统。 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac Microsoft Word 2007 SP2 Microsoft Word 2003 SP3 Microsoft Wo...
Memory corruption
Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture 0x866 record, aka "Excel HFPicture Memory Corruption Vulnerability."...
Spoofing
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."...
CVE-2010-1250
Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed 1 EDG 0x88 and 2 Publisher 0x89 records, aka "Excel EDG Memory...