libreoffice: Arbitrary file disclosure in Calc and Writer

It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document...

Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-04

Exploit for windows platform in category local exploits require 'zip' require 'base64' require 'msf/core' require 'rex/ole' class MetasploitModule 'Office OLE Multiple DLL Side Loading Vulnerabilities', 'Description' = %q Multiple DLL side loading vulnerabilities were found in various COM...

CVE-2017-3157

It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document...

Microsoft Outlook RTF Embedded Object Security Bypass (CVE-2004-0503)

A security bypass vulnerability exists in Microsoft Outlook. The vulnerability is due to a lack of validation for certain OLE objects attached to RTF messages. A successful exploitation may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-locati...

MS IE 5/6 OBJECT Tag Same Origin Policy Violation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5196/info Microsoft Internet Explorer allows script code to violate the same origin policy through usage of the HTML OBJECT tag. Malicious script code may obtain a legitimate reference to an embedded object containing a w...

Microsoft Excel Embedded Object Validation Integer Overflow - Ver2 (CVE-2008-3477)

An integer overflow vulnerability has been reported inMicrosoft Office Excel. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Integer overflow

Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to...

CVE-2008-3477

CVE-2008-3477 affects Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2/SP3, in which the VBA Performance Cache handling of embedded objects can be abused to execute arbitrary code. The root cause is from heap-based and other memory corruptions (overflow/invalid indexing) when processing an object...

CVE-2008-3477

Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to...

CVE-2006-1190

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code...

linux-realplayer -- heap overflow

iDefense Reports: Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user. In order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a...

Opera < 7.54 Empty Embedded Object DoS

The version of Opera installed on the remote host contains a flaw that allows an attacker to crash this browser remotely. To exploit this flaw, an attacker would need to craft a rogue website containing an embedded 'CCCC' object with an empty 'src' tag in it and would need to lure a victim to vis...