Microsoft Security Bulletin MS08-011 – Important Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)

Microsoft Security Bulletin MS08-011 – Important Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution 947081 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This important security update resolves three privately reported...

Code injection

Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."...

CVE-2008-0108

CVE-2008-0108 is a remote code execution vulnerability in Microsoft Works File Converter (wkcvqd01.dll) used to convert .wps files to Rich Text. The root cause is improper validation of field lengths in the Works File Converter, leading to a stack-based buffer overflow when handling crafted field...

Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability

Description Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input. An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file. Successfully exploiting this issue would allow the...

Microsoft Word数组数据处理远程代码执行漏洞（MS07-024）

Microsoft Word是Office套件中的文字处理工具。 Microsoft Word在处理数组数据时存在输入验证漏洞，远程攻击者可能利用此漏洞控制用户机器。 Word处理数组中的数据时没有执行充分的验证，如果用户受骗打开了恶意的Word文档的话，就可能导致执行任意代码。 Microsoft Office 2004 for Mac Microsoft Word Viewer 2003 Microsoft Word 2003 SP2 Microsoft Word 2002 SP3 Microsoft Word 2000 SP3 Microsoft Works Suite 2006...

CVE-2007-1202

Word or Word Viewer in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrar...

Design/Logic Flaw

Word or Word Viewer in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrar...

CVE-2007-1202

CVE-2007-1202 is the Word RTF Parsing Vulnerability. It affects Word/Word Viewer and related Office products (Office 2000 SP3, Word 2000; Office XP SP3/Word 2002; Office 2003 SP2/Word 2003; Word Viewer 2003; Office 2004 for Mac; Works Suites 2004–2006) where Word mishandles rich text property str...

CVE-2007-1202

Word or Word Viewer in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrar...

Buffer overflow

Word or Word Viewer in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."...

CVE-2007-0035

Word or Word Viewer in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."...

CVE-2007-0035

Word or Word Viewer in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."...

CVE-2007-0035

CVE-2007-0035 is the Word Array Overflow vulnerability in Microsoft Word/Word Viewer across Office 2000 SP3, XP SP3, 2003 SP2, Word 2004 for Mac, and Works Suite 2004–2006. The issue arises from improper handling of data in a certain array, enabling user-assisted remote code execution when a craf...

Microsoft Security Bulletin MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

Microsoft Security Bulletin MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution 934232 Published: May 8, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Word Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...

Word 格式错误的字符串漏洞(MS07-014)

在 Microsoft Word 以一个特制的字符串处理 Word 文件的方式中存在一个远程执行代码漏洞。 此类特制文件可能包括在电子邮件附件中或宿主在恶意网站上。 攻击者可以通过构建特制的 Word 文件来利用此漏洞，此文件可能允许远程执行代码。 Microsoft Office 2000 Service Pack 3 Microsoft Word 2000 Microsoft Office XP Service Pack 3 Microsoft Word 2002 Microsoft Office 2003 Service Pack 2 Microsoft Word 2003...

Code injection

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code...

CVE-2007-0208

CVE-2007-0208 is the Microsoft Word Macro Vulnerability described in MS07-014. Word 2000 SP3, Word 2002/XP SP3, Word 2003 SP2, Works 2004–2006, and Word 2004 for Mac are affected by a flaw where Word does not properly validate the document’s properties, failing to display the macro security warni...

Microsoft Excel Malformed Palette Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, which can result in the compromise of affected computers. Technologies Affected Microsoft...

Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker could exploit this issue to execute arbitrary code with the privileges of the user running the application. The attacker could leverage the issue to compromise affected computers. Technologies Affected...

Microsoft Office畸形传送名单远程代码执行漏洞（MS06-012）

Microsoft Office是非常流行的办公软件。 Microsoft Office在处理Office文档时存在漏洞，成功利用此漏洞的攻击者可以完全控制受影响的系统。 攻击者可以通过在Office文档内构建特制的传送名单来利用此漏洞，可能允许远程执行代码。 Microsoft Office XP SP3 Microsoft Office X for Mac Microsoft Office 2004 for Mac Microsoft Office 2003 Service Pack 2 Microsoft Office 2003 Service Pack 1 Microsoft...