Lucene search
+L

67 matches found

saint
saint
added 2014/07/24 12:0 a.m.73 views

Microsoft Word RTF Object Confusion

Added: 07/24/2014 CVE: CVE-2014-1761 BID: 66385 OSVDB: 104895 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying a...

9.3CVSS7.9AI score0.7746EPSS
Exploits10
threatpost
threatpost
added 2014/03/25 11:5 a.m.10 views

Word Zero Day Attacks Use Complex Chain of Exploits

The exploit that attackers are using to target a zero day vulnerability in Microsoft Word relies on a complex series of pieces, including an ASLR bypass, ROP techniques and shellcode with several layers of tools designed to detect and defeat analysis. Microsoft officials said the exploit is being...

0.2AI score
Exploits0References3
thn
thn
added 2014/03/24 7:37 p.m.90 views

Microsoft Word Zero-Day Vulnerability is being exploited in the Wild

Microsoft warned about a zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the Google security team. “At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010…” company said. According to Microsoft's...

9.3CVSS9.3AI score0.7746EPSS
Exploits10
zdi
zdi
added 2013/02/14 12:0 a.m.38 views

Microsoft Windows OLE Automation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Microsoft...

6.8CVSS3.3AI score0.22701EPSS
Exploits0References1
openvas
openvas
added 2012/12/12 12:0 a.m.25 views

Microsoft Office Word Remote Code Execution Vulnerability (2780642)

This host is missing a critical security update according to Microsoft Bulletin MS12-079. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS5AI score0.53159EPSS
Exploits1References11
nessus
nessus
added 2012/10/10 12:0 a.m.39 views

MS12-064: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)

The version of Office, Office Compatibility Pack, Microsoft Word Viewer, Microsoft Office Web Apps, and/or Microsoft Share Point Server installed on the remote host is affected by multiple remote code execution vulnerabilities : - A flaw in the way Microsoft Word handles Word files can allow an...

9.3CVSS6.2AI score0.68323EPSS
Exploits2References3
openvas
openvas
added 2012/10/10 12:0 a.m.43 views

Microsoft Office Word Remote Code Execution Vulnerabilities (2742319)

This host is missing a critical security update according to Microsoft Bulletin MS12-064. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS5AI score0.68323EPSS
Exploits2References10
threatpost
threatpost
added 2012/09/14 5:25 p.m.199 views

Tool Scans for RTF Files Spreading Malware in Targeted Attacks

Exploits embedded inside Microsoft Office documents such as Word, PDFs and Excel spreadsheets have been at the core of many targeted attacks during the past 24 months. Detection of these attack methods is improving and nimble hackers are recognizing the need for new avenues into enterprise...

9.3CVSS7.3AI score0.99966EPSS
Exploits12References6
nvd
nvd
added 2012/04/10 9:55 p.m.41 views

CVE-2012-0158

The 1 ListView, 2 ListView2, 3 TreeView, and 4 TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1...

9.3CVSS9.8AI score0.99966EPSS
Exploits12References13
openvas
openvas
added 2011/01/31 12:0 a.m.37 views

RedHat Update for openoffice.org and openoffice.org2 RHSA-2011:0181-01

Check for the Version of openoffice.org and openoffice.org2 OpenVAS Vulnerability Test RedHat Update for openoffice.org and openoffice.org2 RHSA-2011:0181-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...

9.3CVSS0.1AI score0.10731EPSS
Exploits0References2
nessus
nessus
added 2011/01/31 12:0 a.m.50 views

RHEL 4 : openoffice.org and openoffice.org2 (RHSA-2011:0181)

Updated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

9.3CVSS6.3AI score0.10731EPSS
Exploits0References15
redhat
redhat
added 2011/01/28 3:20 p.m.54 views

Important: Red Hat Security Advisory: openoffice.org security and bug fix update

Updated openoffice.org packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

9.3CVSS6.4AI score0.10731EPSS
Exploits0References10
securityvulns
securityvulns
added 2009/12/15 12:0 a.m.50 views

Cross-Site Scripting vulnerabilities in Invision Power Board

Hello 3APA3A! I want to warn you about new vulnerabilities in Invision Power Board. These are Cross-Site Scripting vulnerabilities. Attack is going via attachment at click on the attachment in the post at forum or on the link to this attachment. These are persistent XSS vulnerabilities. I know fo...

2AI score
Exploits0
checkpoint_advisories
checkpoint_advisories
added 2008/05/13 12:0 a.m.23 views

Microsoft Word RTF File Handling Memory Corruption (MS08-026; CVE-2008-1091)

A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to a memory calculation error in Microsoft Word that fails to properly handle specially crafted Rich Text Format .rtf files. A remote attacker could trigger this flaw by convincing a victim to op...

9.3CVSS6.9AI score0.40511EPSS
Exploits1
openvas
openvas
added 2008/01/17 12:0 a.m.22 views

Debian: Security Advisory (DSA-1307-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.6AI score0.06021EPSS
Exploits0References3
nessus
nessus
added 2007/11/06 12:0 a.m.18 views

Fedora 7 : openoffice.org-2.2.0-14.11 (2007-0410)

This update fixes a possible buffer overrun in hand-crafted rtf files that use the custom /prtdata tag. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much a...

9.3CVSS5.6AI score0.06021EPSS
Exploits0References2
nessus
nessus
added 2007/07/03 12:0 a.m.37 views

GLSA-200707-02 : OpenOffice.org: Two buffer overflows

The remote host is affected by the vulnerability described in GLSA-200707-02 OpenOffice.org: Two buffer overflows John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing the 'prdata' tag in RTF files where the first token is smaller than the second one CVE-2007-0245...

9.3CVSS6.3AI score0.06021EPSS
Exploits1References4
nessus
nessus
added 2007/06/14 12:0 a.m.19 views

Debian DSA-1307-1 : openoffice.org - heap overflow

John Heasman discovered a heap overflow in the routines of OpenOffice.org that parse RTF files. A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...

9.3CVSS5.9AI score0.06021EPSS
Exploits0References2
osv
osv
added 2007/06/12 12:0 a.m.27 views

DSA-1307-1 openoffice.org - heap overflow

Bulletin has no description...

9.3CVSS6AI score0.06021EPSS
Exploits0
securityvulns
securityvulns
added 2007/03/16 12:0 a.m.70 views

Microsoft MFC memory corruption

Memory corruption on RTF files parsing. Can be used for hidden malware installation...

10CVSS3.4AI score0.36509EPSS
Exploits0References2
Rows per page
Query Builder