CVE-2025-14414

Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

EUVD-2025-204985

Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2025-14414 Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability

Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.

Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE. Author: nu11secur1ty Date: 07.18.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office Reference: https://portswigger.net/web-security/access-control...

Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit RCE Exploit

Title: Microsoft Outlook Microsoft 365 MSO Version 2306 Build 16.0.16529.20100 32-bit - Remote Code Execution Author: nu11secur1ty Date: 07.07.2023 Vendor: https://www.microsoft.com/ Software: https://outlook.live.com/owa/ Reference:...

New steganography attack targets Azerbaijan

This blog post was authored by Hossein Jazi Threat actors often vary their techniques to thwart security defenses and increase the efficiency of their attacks. One of the tricks they use is known as steganography and consists of hiding content within images. We recently observed a malicious Word...

MS15-022: Description of the security update for SharePoint Server 2013: March 10, 2015

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office.IntroductionThis security update resolves vulnerabilities in Microsoft Office that could...

Authentication flaw

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality residen...

CVE-2017-6324

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality residen...

Microsoft SharePoint Server WAS Multiple Vulnerabilities (3038999)

This host is missing an important security update according to Microsoft Bulletin MS15-022. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Microsoft Office Word 2007 - sprmCMajority Buffer Overflow

No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub11-microsoft-office-word-sprmcmajority-buffer-overflow/...

Microsoft Office Remote Code Execution Vulnerabilities (2489293)

This host is missing a critical security update according to Microsoft Bulletin MS11-023. OpenVAS Vulnerability Test $Id: secpodms11-023.nasl 7585 2017-10-26 15:03:01Z cfischer $ Microsoft Office Remote Code Execution Vulnerabilities 2489293 Authors: Madhuri D Copyright: Copyright c 2011 SecPod,...

Microsoft Word Unchecked Index Value Remote Code Execution (MS10-079; CVE-2010-2750)

Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in the way that Microsoft Word handles index values inside a specially crafted Word file. The vulnerability is due to an error in Microsoft Word that fails to properly parse specially...

VUPEN Security Research - Microsoft Office Word Document Buffer Overflow Vulnerability (CVE-2010-2748)

VUPEN Security Research - Microsoft Office Word Document Buffer Overflow Vulnerability CVE-2010-2748 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- Microsoft Office Word, included in the Microsoft Office suite, is a powerful authoring program that gives the ability ...

Memory corruption

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Wo...

Memory corruption

Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."...

CVE-2008-1092

Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026...

CVE-2008-1092

CVE-2008-1092 describes a buffer overflow in the Microsoft Jet Database Engine (msjet40.dll) prior to 4.0.9505.0 that allows remote code execution via a crafted Word file. The issue is associated with the Jet Engine and is stated to be the same as CVE-2007-6026 in sources; exploitation was report...

CVE-2008-0109

Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block FIB of a Word file, which triggers length calculation errors and memory corruption...

CVE-2007-3899

Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."...