38 matches found
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
GHSA-7JC7-G598-2P64 XDocReport affected by an XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
TrojanPraise: Jailbreak LLMs Via Benign Fine-Tuning
The demand of customized large language models LLMs has led to commercial LLMs offering black-box fine-tuning APIs, yet this convenience introduces a critical security loophole: attackers could jailbreak the LLMs by fine-tuning them with malicious data. Though this security issue has recently bee...
Hancom Office Resource Management Error Vulnerability
Hancom Office is a mobile office program from the Korean company Hancom. The program supports viewing and editing documents in multiple formats. A resource management error vulnerability exists in Hancom Office version 2020 HWord 11.0.0.7520, which stems from a security issue in the footer...
The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the PDF document viewing program Foxit PDF Reader formerly Foxit Reader and the PDF file editing program Foxit PDF Editor formerly Foxit PhantomPDF is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
SUSE CVE-2006-2197
Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document...
SUSE CVE-2009-0201
Heap-based buffer overflow in OpenOffice.org OOo before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."...
SUSE CVE-2010-3453
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service...
Ascensio System ONLYOFFICE Document Server Input Validation Error Vulnerability
Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. An input validation error vulnerability exists in Ascensio System ONLYOFFICE Document...
MS14-081: Description of the security update for Word 2013: December 9, 2014
Resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office.IntroductionThis security update resolves vulnerabilities in Microsoft Office that could...
The vulnerability of the Microsoft Office software arises from an operation that goes beyond buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Microsoft Office package arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted DOCX file...
DEBIAN-CVE-2018-10120
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service heap-based buffer overflow with write access or possibly have unspecifie...
UBUNTU-CVE-2018-10120
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service heap-based buffer overflow with write access or possibly have unspecifie...
Microsoft Word Line Formatting Denial of Service Vulnerability
Microsoft Word is an office word processing system developed by Microsoft. webGate is an APM solution for real-time monitoring and performance management of business-critical systems based on J2EE architecture. A security vulnerability in Microsoft Word line formatting allows an attacker to...
Microsoft Word PlfLfo Structure Memory Corruption (MS08-072) - Ver2 (CVE-2008-4024)
Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to a memory corruption error in Microsoft Word that fails to properly handle specially crafted Word files. A remote attacker could trigger th...
CVE-2014-1252
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted Microsoft Word file...
CVE-2012-2550
Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a crafted Word .doc file, aka "Works Heap Vulnerability."...
CVE-2012-2550
Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a crafted Word .doc file, aka "Works Heap Vulnerability."...
Microsoft Word Access Violation Code Execution (MS11-099; CVE-2011-1983)
A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is due to an error in the way Microsoft Word handles objects in memory. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted Word file with an affected version...
Buffer overflow
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted Microsoft Word document...