216 matches found
CVE-2016-4264
The Office Open XML OOXML feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity...
CVE-2016-4264
CVE-2016-4264 affects Adobe ColdFusion 10 (before Update 21) and 11 (before Update 10). The OOXML feature parser is vulnerable to XML External Entity (XXE) processing via a crafted OOXML spreadsheet containing an external entity declaration and an entity reference, enabling reading of arbitrary f...
apache-poi: entity expansion (billion laughs) flaw
It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption...
apache-poi: entity expansion (billion laughs) flaw
It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption...
apache-poi: entity expansion (billion laughs) flaw
It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption...
apache-poi: XML eXternal Entity (XXE) flaw
It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity...
DEBIAN-CVE-2014-3574
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service CPU consumption and crash via a crafted OOXML file, aka an XML Entity Expansion XEE attack...
openSUSE Security Update : libreoffice (openSUSE-SU-2012:1686-1)
LibreOffice was updated to 3.5.4.13 3.5.6rc2 based, fixing a security issue and lots of bugs : - NULL pointer dereference bnc778669, CVE-2012-4233 - bullet-color-pptx-import.diff: bullets should have same color as following text by default; missing part of the fix bnc734733 - update to...
DEBIAN-CVE-2013-4156
Apache OpenOffice.org OOo before 4.0 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted element in an OOXML document file...
UBUNTU-CVE-2013-4156
Apache OpenOffice.org OOo before 4.0 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted element in an OOXML document file...
VulnCheck KEV: CVE-2009-0561
Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft...
[SECURITY] Fedora 17 Update: apache-poi-3.8-2.fc17
The Apache POI Project's mission is to create and maintain Java APIs for manipulating various file formats based upon the Office Open XML standards OOXML and Microsoft's OLE 2 Compound Document format OLE2. In short, you can read and write MS Excel files using Java. In addition, you can read and...
Fedora Update for apache-poi FEDORA-2012-7683
Check for the Version of apache-poi OpenVAS Vulnerability Test Fedora Update for apache-poi FEDORA-2012-7683 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Fedora Update for apache-poi FEDORA-2012-7686
Check for the Version of apache-poi OpenVAS Vulnerability Test Fedora Update for apache-poi FEDORA-2012-7686 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
VulnCheck KEV: CVE-2011-1269
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory,...
Heap overflow
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which...
Design/Logic Flaw
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats...
CVE-2011-1988
Microsoft Excel heap memory corruption vulnerability (MS11-072) tied to parsing BIFF2 records in Excel files can allow remote code execution. Affected products include Excel 2003 SP3, 2007 SP2, Office 2007 SP2, Office for Mac variants, Open XML Converter for Mac, Excel Viewer SP2, and related Mac...
Microsoft Excel畸形记录远程代码执行漏洞(MS11-072)
BUGTRAQ ID: 49478 CVECAN ID: CVE-2011-1988 Microsoft Excel是由Microsoft为Windows和Apple Macintosh操作系统的电脑而编写和运行的一款试算表软件。 Microsoft Excel在处理畸形记录时存在远程代码执行漏洞,远程攻击者可利用此漏洞以当前用户权限执行任意代码。 Excel解析电子表格文件中的特制记录时,其中的特定值可触发内存破坏漏洞。 Microsoft Excel 2010 Microsoft Excel 2007 Microsoft Excel 2003 Microsoft Office...
Microsoft Excel数组索引远程代码执行漏洞(MS11-072)
BUGTRAQ ID: 49477 CVECAN ID: CVE-2011-1987 Microsoft Excel是由Microsoft为Windows和Apple Macintosh操作系统的电脑而编写和运行的一款试算表软件。 Microsoft Excel在处理特制Excel文件时存在远程代码执行漏洞,远程攻击者可利用此漏洞以当前用户权限执行任意代码,可能造成拒绝服务。...