16 matches found
EUVD-2018-4355
Malware in sbrugna...
CVE-1999-0354
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message...
PT-2025-20988 · Microsoft · Office
Name of the Vulnerable Software and Affected Versions: Microsoft Office versions prior to the May 2025 updates Description: The issue is related to a use after free vulnerability in Microsoft Office, allowing an unauthorized attacker to execute code locally. This vulnerability can be exploited by...
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the...
The vulnerability of the Microsoft Office Graphics component in the Microsoft Outlook email client allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft Office Graphics component of the Microsoft Outlook email client is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Microsoft Outlook email client, as well as the Microsoft 365 Apps for Enterprise and Microsoft Office products, relates to an operation that goes beyond buffer boundaries in memory. This allows an attacker to execute arbitrary code.
The vulnerability of the Microsoft Outlook email client, as well as the Microsoft 365 Apps for Enterprise and Microsoft Office products, is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
The vulnerability of Microsoft 365 Apps for Enterprise, Microsoft Office, and the Microsoft Outlook email client relates to object processing errors in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft 365 Apps for Enterprise, Microsoft Office, and the Microsoft Outlook email client is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
Microsoft Outlook for iOS Spoofing Vulnerability
Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. A spoofing vulnerability exists in Microsoft Outlook for iOS, which can be exploited by an attacker to perform a cross-site scripting attack on an affected system by sending a specially crafted email to the...
CVE-2018-12381
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected...
CVE-2018-12381
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected...
The vulnerability of the Microsoft Office package, the Microsoft Office Compatibility Pack, and the Microsoft Word text editor allow a perpetrator to execute arbitrary code.
The vulnerability of the Microsoft Office package, the Microsoft Office Compatibility Pack, and the Microsoft Word text editor exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a specially crafted email messag...
PT-2015-3020
Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2007 SP3 through 2016 Office versions 2010 SP2 Word 2010 version SP2 Word 2013 versions SP1 through RT SP1 Office Compatibility Pack version SP3 Description The issue allows remote attackers to execute arbitrary code vi...
Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
Overview Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code. Description The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside th...
EEYE: Windows ANI File Parsing Buffer Overflow
Windows ANI File Parsing Buffer Overflow Systems Affected: Windows Me Windows 2000 Windows XP SP1 and earlier Windows 2003 Overview: eEye Digital Security has discovered a vulnerability in USER32.DLL's handling of Windows animated cursor .ani files that will allow a remote attacker to reliably...
Microsoft Internet Explorer Install Engine contains a buffer overflow vulnerability
Overview The Active Setup Install Engine in Microsoft Internet Explorer contains a buffer overflow vulnerability. This may allow an attacker to take complete control of a vulnerable system. Description The Active Setup Install Engine inseng.dll permits cabinet files to be launched and executed...
Microsoft Internet Explorer 6 - Codebase Double Backslash Local Zone File Execution
source: https://www.securityfocus.com/bid/10344/info A vulnerability has been reported that may potentially permit HTML documents to gain unauthorized access to local resources by using specific syntax when referencing said resource as a value for the CODEBASE object property. Under certain...