197 matches found
CVE-2008-4031
CVE-2008-4031 is a remote code execution vulnerability in Microsoft Office Word/Word components caused by a memory corruption during parsing of Rich Text Format (RTF) content. The issue can be triggered when a user opens a specially crafted RTF file or previews a malicious RTF email, potentially ...
CVE-2008-4031
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac...
ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability
ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-085 December 9, 2008 -- CVE ID: CVE-2008-4028 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Word Microsoft Outlook -- TippingPointTM IPS Customer...
Microsoft Security Bulletin MS08-072 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
Microsoft Security Bulletin MS08-072 - Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution 957173 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves eight privately reported vulnerabilities in Microsoft Offi...
Microsoft Word中的RTF多个图形对象标记远程代码执行漏洞
Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. Microsoft...
Microsoft Word RTF '\do' 图形对象的远程堆内存溢出漏洞(MS08-072)
Microsoft Word is prone to a remote heap memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user...
Microsoft Word RTF Object Parsing Memory Corruption (MS08-072; CVE-2008-4030)
Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...
Microsoft Word RTF Control Word Handling Integer Overflow (MS08-072; CVE-2008-4025)
Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...
Microsoft Word RTF Stylesheet Control Word Memory Corruption (MS08-072; CVE-2008-4031)
Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to an error in Microsoft Word that fails to properly handle malformed Rich Text Format .rtf files. A remote attacker could trigger this flaw ...
Microsoft Word RTF Drawing Primitives Remote Code Execution (MS08-072; CVE-2008-4028)
Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...
Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw...
Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in use...
Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability
Description Microsoft Word is prone to an integer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow...
Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability
Description Microsoft Word is prone to a remote heap memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...
PureMessage for Microsoft Exchange RTF远程拒绝服务漏洞
BUGTRAQ ID:30881 CNCAN ID:CNCAN-2008082907 PureMessage for Microsoft Exchange是一款针对Microsoft Exchange邮件服务器的垃圾邮件防护软件。 PureMessage for Microsoft Exchange处理RTF存在问题,远程攻击者可以利用漏洞使应用程序崩溃,造成拒绝服务攻击。 -对RTF或PDF文件执行内容扫描时可导致PureMessage扫描服务PMScanner.exe终止或挂起,导致消息积存在队列中或SPAM规则更新不能完成。 -在Exchange...
Eudora 6.0.3 Attachment Spoofing Exploit (windows)
No description provided by source. !/usr/bin/perl -- use MIME::Base64; print "From: me\n"; print "To: you\n"; print "Subject: Eudora 6.0.3 on Windows spoof, LaunchProtect\n"; print "MIME-Version: 1.0\n"; print "Content-Type: multipart/mixed; boundary="zzz"\n"; print "\n"; print "This is a...
Microsoft Word RTF畸形字符串处理堆溢出漏洞(MS08-026)
BUGTRAQ ID: 29104 CVECAN ID: CVE-2008-1091 Microsoft Word是Office套件中的文字处理软件。 Word处理特制RTF格式(.rtf)文件的方式中存在堆溢出漏洞,如果用户在Word中打开带有畸形字符串的特制.rtf文件,或在富文本电子邮件中预览带有畸形字符串的特制.rtf文件,就会触发这个溢出,导致执行任意指令。 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac Microsoft Outlook 2007 SP1 Microsoft Outlook 2007...
Debian Security Advisory DSA 894-1 (abiword)
The remote host is missing an update to abiword announced via advisory DSA 894-1. Chris Evans discoverd several buffer overflows in the RTF import mechanism of AbiWord, a WYSIWYG word processor based on GTK 2. Opening a specially crafted RTF file could lead to the execution of arbitrary code. For...
ClamAV antivirus multiple security vulnerabilities
DoS on RTF and HTML parsing...
Mandrake Linux Security Advisory : clamav (MDKSA-2007:172)
A vulnerability in ClamAV was discovered that could allow remote attackers to cause a denial of service via a crafted RTF file or a crafted HTML document with a data: URI, both of which trigger a NULL dereference CVE-2007-4510. A vulnerability in clamav-milter, when run in black hole mode, could...