Lucene search
K
MicrosoftExcel Viewer2003

47 matches found

CVE
CVE
added 2009/11/11 7:0 p.m.1009 views

CVE-2009-3129

CVE-2009-3129 concerns a remote-code-execution vulnerability in Microsoft Office Excel and related components caused by a FEATHEADER record with an invalid cbHdrData size that affects a pointer offset. Affected products include Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Open XML File Format Converte...

9.3CVSS7.5AI score0.85731EPSS
In wild
CVE
CVE
added 2009/10/14 10:0 a.m.160 views

CVE-2009-2500

This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...

9.3CVSS7.9AI score0.23647EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.157 views

CVE-2009-2528

CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...

9.3CVSS7.2AI score0.20452EPSS
CVE
CVE
added 2009/11/11 8:0 p.m.150 views

CVE-2009-3130

CVE-2009-3130 corresponds to the Excel Document Parsing Heap Overflow vulnerability. Affected software includes Microsoft Office Excel 2002 SP3, Excel 2003 and newer on Windows via BIFF parsing, and Office for Mac variants plus the Open XML File Format Converter for Mac. The root cause is imprope...

9.3CVSS7.7AI score0.28934EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.146 views

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

9.3CVSS9.7AI score0.23461EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.129 views

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

9.3CVSS9.7AI score0.26824EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.118 views

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

9.3CVSS9.7AI score0.22025EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.105 views

CVE-2009-2504

CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...

9.3CVSS9.7AI score0.20982EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.103 views

CVE-2009-2503

CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...

9.3CVSS9.6AI score0.22205EPSS
CVE
CVE
added 2008/01/16 10:0 p.m.102 views

CVE-2008-0081

CVE-2008-0081 corresponds to the Macro Validation Vulnerability in Microsoft Excel and related Office components. A remote code execution flaw exists when opening specially crafted Excel files with macros, caused by improper validation of macro/memory handling, affecting Excel 2000 SP3 through 20...

9.8CVSS9.6AI score0.57908EPSS
CVE
CVE
added 2006/10/10 10:0 p.m.98 views

CVE-2006-3877

PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...

9.3CVSS7.1AI score0.12509EPSS
CVE
CVE
added 2007/02/03 1:0 a.m.94 views

CVE-2007-0671

CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...

9.3CVSS7.5AI score0.42139EPSS
In wild
CVE
CVE
added 2009/11/11 7:0 p.m.90 views

CVE-2009-3127

CVE-2009-3127 (Excel Cache Memory Corruption) is a remote code execution vulnerability in Microsoft Office Excel variants: Excel 2002 SP3, 2003 SP3, 2004/2008 for Mac, Open XML File Format Converter for Mac, and Excel Viewer 2003 SP3. It stems from improper parsing of the Excel file format, allow...

9.3CVSS7.3AI score0.25075EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.84 views

CVE-2008-4019

CVE-2008-4019 is an integer overflow in Excel’s REPT function used when parsing a formula within a cell, affecting multiple Windows and Mac Excel versions (e.g., 2000 SP3, 2002 SP3, 2003 SP2/SP3, 2007 Gold/SP1) and related viewers/compat packs. The vulnerability allows remote code execution if a ...

9.3CVSS7.5AI score0.34415EPSS
CVE
CVE
added 2009/11/11 7:0 p.m.82 views

CVE-2009-3128

CVE-2009-3128 describes a remote code execution vulnerability in Microsoft Office Excel via a malformed SxView record in Excel files. Affects Excel 2002 SP3, Excel 2003 SP3, and Excel Viewer 2003 SP3; exploitation leads to arbitrary code execution with the attacker gaining the user’s privileges. ...

9.3CVSS7.3AI score0.24879EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.81 views

CVE-2008-0115

CVE-2008-0115 : A remote-code-execution vulnerability in Microsoft Excel’s Formula Parsing affects Excel 2000 SP3–2007, Excel Viewer 2003, the Office Compatibility Pack, and Office for Mac 2004. The issue arises from improper handling of malformed formulas, allowing a user-assisted attacker to tr...

9.3CVSS9.7AI score0.39333EPSS
CVE
CVE
added 2009/11/11 8:0 p.m.81 views

CVE-2009-3132

CVE-2009-3132 is the Excel Index Parsing Vulnerability: a remote-code-execution flaw in Microsoft Office Excel where pointer corruption occurs while parsing Excel formulas/indices in affected Office Excel versions (Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, plus Mac variants and viewers). A crafted ...

9.3CVSS7.4AI score0.25883EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.80 views

CVE-2008-3471

CVE-2008-3471 is a stack-based buffer overflow in Microsoft Excel’s BIFF file format parsing, triggered by a malformed record in a .xls file. Affected products include Excel 2000 SP3, 2002 SP3, 2003 SP2/SP3, 2007 Gold/SP1, Excel Viewer (2003 SP3) and related Mac components, as well as the Open XM...

9.3CVSS7.8AI score0.52318EPSS
CVE
CVE
added 2009/11/11 8:0 p.m.78 views

CVE-2009-3134

CVE-2009-3134 is the Excel Field Sanitization Vulnerability. It affects Microsoft Office Excel components across Windows and Mac platforms listed in the entries, including Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Office 2004/2008 for Mac, Open XML Converter for Mac, Excel Viewer SKUs, and the Offi...

9.3CVSS7.4AI score0.25777EPSS
CVE
CVE
added 2006/07/13 9:0 p.m.72 views

CVE-2006-2388

Summary: CVE-2006-2388 is a remote code execution vulnerability in Microsoft Office Excel (2000–2004) caused by a flaw when Excel rebuilds metadata after processing malformed cell comments. An attacker must lure a user into opening a crafted .XLS file, which could allow code execution with the cu...

9.3CVSS7.2AI score0.10784EPSS
CVE
CVE
added 2007/01/09 10:0 p.m.72 views

CVE-2007-0027

CVE-2007-0027 affects Microsoft Excel versions including Excel 2000 SP3, 2002 SP3, 2003 SP2, Excel 2004 for Mac, and Excel v.X for Mac. The flaw is a remote code execution due to memory corruption when parsing malformed IMDATA records in BIFF Excel files. An attacker could exploit this by enticin...

9.3CVSS7.6AI score0.3117EPSS
CVE
CVE
added 2006/06/17 1:0 a.m.70 views

CVE-2006-3059

Technical details for CVE-2006-3059 are not provided in the supplied documents; no affected product/version/impact is specified beyond a generic note. Monitor for updates.

9.3CVSS7.3AI score0.41113EPSS
CVE
CVE
added 2007/01/09 11:0 p.m.70 views

CVE-2007-0029

CVE-2007-0029 is the Excel Malformed String Vulnerability affecting Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and Excel 2004/Mac (and Excel v.X for Mac). The issue allows user-assisted remote attackers to achieve arbitrary code execution by parsing a malformed string in Excel files. Microsoft...

9.3CVSS7.6AI score0.30079EPSS
CVE
CVE
added 2007/01/09 11:0 p.m.70 views

CVE-2007-0030

CVE-2007-0030 is the Excel Malformed Column Record Vulnerability. A memory corruption flaw occurs when parsing the BIFF8 Column field, allowing a remote attacker to execute arbitrary code by convincing a user to open a crafted Excel file. Affected products include Microsoft Excel 2000 SP3, 2002 S...

9.3CVSS7.4AI score0.32093EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.70 views

CVE-2008-4266

CVE-2008-4266 (Excel Global Array Memory Corruption Vulnerability) is a remote code execution flaw in Microsoft Office Excel and related components (Excel 2000 SP3, 2002 SP3, 2003 SP3; Excel Viewer 2003 Gold/SP3; Office 2004/2008 for Mac; Open XML File Format Converter for Mac). The vulnerability...

9.3CVSS7.3AI score0.27585EPSS
CVE
CVE
added 2007/01/09 11:0 p.m.69 views

CVE-2007-0031

CVE-2007-0031 affects Microsoft Excel: heap-based buffer overflow in BIFF8 PALETTE records can allow a user-assisted remote attacker to execute arbitrary code. Vulnerable products include Excel 2000 SP3, 2002 SP3, 2003 SP2, and Mac versions (2004 for Mac, v.X for Mac). The flaw is triggered by op...

9.3CVSS7.7AI score0.41694EPSS
CVE
CVE
added 2009/11/11 8:0 p.m.69 views

CVE-2009-3131

CVE-2009-3131 is the Excel Formula Parsing Memory Corruption vulnerability. The issue affects Microsoft Office Excel and related components across multiple platforms: Excel 2002 SP3, 2003 SP3, and 2007 SP1/SP2; Office 2004/2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer 2003 SP...

9.3CVSS7.3AI score0.24879EPSS
CVE
CVE
added 2009/11/11 8:0 p.m.69 views

CVE-2009-3133

CVE-2009-3133 is the Excel Document Parsing Memory Corruption vulnerability affecting Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and the Open XML File Format Converter for Mac. It arises from memory corruption when loading Excel records (malformed objects), enabling remote cod...

9.3CVSS7.4AI score0.24879EPSS
CVE
CVE
added 2007/05/09 6:0 p.m.68 views

CVE-2007-0215

CVE-2007-0215 is a stack-based buffer overflow in Microsoft Excel that occurs while processing a Named Graph record in .XLS BIFF files. The vulnerability affects Excel 2000 SP3, 2002 SP3, 2003 SP2, and Excel 2003 Viewer, and is exploitable via a crafted Excel file opened by a user, leading to mem...

7.6CVSS7.6AI score0.31546EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.68 views

CVE-2008-0111

CVE-2008-0111 : A remote code execution vulnerability in Microsoft Excel 2000 SP3 through 2007, Excel Viewer 2003, Compatibility Pack, and Office 2004 for Mac exists due to improper validation of data in BIFF8 data validation records when loading files. Exploitation requires a user to open a craf...

9.3CVSS9.7AI score0.50862EPSS
CVE
CVE
added 2006/10/10 10:0 p.m.67 views

CVE-2006-3875

CVE-2006-3875 : A remote code execution vulnerability in Microsoft Excel arises when parsing COLINFO records in XLS files. The COLINFO record parsing flaw can be exploited by a crafted Excel file to execute arbitrary code in the caller’s security context. Affected products include Microsoft Excel...

5.1CVSS7.1AI score0.09321EPSS
CVE
CVE
added 2007/05/08 10:0 p.m.66 views

CVE-2007-1203

CVE-2007-1203 is a remote code execution vulnerability in Microsoft Excel where specially crafted set font values in Excel files can cause memory corruption. Affected products include Excel 2000 (SP3), 2002 (SP3), 2003 (SP2), 2003 Viewer, and 2004 for Mac, plus Excel 2007. The root cause involves...

9.3CVSS7.4AI score0.31037EPSS
CVE
CVE
added 2006/10/10 10:0 p.m.65 views

CVE-2006-3867

CVE-2006-3867 is a remote code execution vulnerability in Microsoft Excel triggered when Excel handles a crafted Lotus 1-2-3 file. The issue affects Excel on Windows (2000, XP, 2003) and Excel Viewer 2003, as well as Excel for Mac (2004) and Office v.X for Mac. The root cause is improper parsing ...

5.1CVSS7.1AI score0.09321EPSS
CVE
CVE
added 2007/01/09 11:0 p.m.65 views

CVE-2007-0028

CVE-2007-0028 affects multiple Excel variants: Excel 2000, 2002, 2003, Excel Viewer 2003, Office 2004 for Mac, and Office v.X for Mac. The vulnerability stems from improper handling of certain opcodes during Excel file parsing, which can corrupt memory and allow user‑assisted remote attackers to ...

9.3CVSS7.4AI score0.32981EPSS
CVE
CVE
added 2007/05/08 10:0 p.m.64 views

CVE-2007-1214

The CVE-2007-1214 issue affects Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac. It is a memory corruption/remote code execution vulnerability in the handling of Excel BIFF8 AutoFilter records; a crafted XLS file can trigger the flaw. Attack vector involves a user-open...

6.8CVSS7.3AI score0.28478EPSS
CVE
CVE
added 2007/07/10 10:0 p.m.64 views

CVE-2007-1756

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 are affected by CVE-2007-1756 due to improper validation of version information, which can lead to memory corruption and remote code execution when a crafted Excel file is opened. The vulnerability is triggered by us...

9.3CVSS7.3AI score0.32046EPSS
CVE
CVE
added 2007/07/10 10:0 p.m.63 views

CVE-2007-3030

CVE-2007-3030 maps to a Workbook Memory Corruption vulnerability in Microsoft Excel affecting multiple products (Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer; also Mac OS X Excel 2004 per MS07-036). The issue arises when handling malformed Excel workbooks, leading to memory corruption that...

7.6CVSS7.3AI score0.25033EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.63 views

CVE-2008-0117

CVE-2008-0117 refers to a remote code execution vulnerability in Microsoft Excel related to crafted conditional formatting values. Affected are Excel 2000 SP3, Excel 2002 SP2, and Office for Mac 2004/2008. Exploitation requires a user to open a specially crafted file, enabling arbitrary code exec...

9.3CVSS9.6AI score0.33362EPSS
CVE
CVE
added 2006/07/13 10:0 p.m.62 views

CVE-2006-1308

CVE-2006-1308 is a remote code execution vulnerability in Microsoft Excel (2000–2004) caused by processing a malformed FNGROUPCOUNT value in an Excel file. The issue can be triggered when opening a specially crafted .xls, potentially allowing an attacker to execute arbitrary code in the security ...

9.3CVSS7.1AI score0.09278EPSS
CVE
CVE
added 2006/07/13 9:0 p.m.61 views

CVE-2006-1304

Microsoft Excel 2000–2003 contains a remote code execution vulnerability in the COLINFO record processing that can be triggered by a specially crafted .xls file. The underlying issue is a buffer overflow during a data filling operation, which could allow an attacker to execute arbitrary code with...

9.3CVSS7.4AI score0.10884EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.59 views

CVE-2008-0113

CVE-2008-0113 refers to a remote code execution vulnerability in Microsoft Office Excel Viewer 2003 up to SP3, caused by an allocation error when parsing specially crafted Excel files with malformed cell comments. Patches exist (MS08-016) that modify how Office allocates memory during file openin...

9.3CVSS7.5AI score0.42225EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.59 views

CVE-2008-0116

CVE-2008-0116 is a remote-code-execution vulnerability in Microsoft Excel’s handling of rich text values during memory loading. The issue affects Excel 2000 SP3–2003 SP2, Excel Viewer 2003, the Compatibility Pack, and Excel for Mac (2004/2008). A malformed rich-text tag in a crafted Excel file co...

9.3CVSS9.7AI score0.48229EPSS
CVE
CVE
added 2006/07/13 9:0 p.m.58 views

CVE-2006-1306

CVE-2006-1306 is a Microsoft Excel remote code execution vulnerability in the Malformed OBJECT record. A crafted .xls file can cause an attacker-controlled function pointer to execute arbitrary code when opened, enabling code execution in the user’s context. The issue affects Office/Excel 2000–20...

9.3CVSS7.2AI score0.09278EPSS
CVE
CVE
added 2006/07/13 10:0 p.m.56 views

CVE-2006-1301

CVE-2006-1301 affects Microsoft Excel 2000–2004 via a crafted SELECTION record that triggers memory corruption, allowing user-assisted arbitrary code execution. Root cause: insufficient validation when parsing SELECTION records, leading to memory corruption. Affected products: Excel 2000, 2002, 2...

9.3CVSS7.1AI score0.09824EPSS
CVE
CVE
added 2006/07/13 9:0 p.m.55 views

CVE-2006-1302

CVE-2006-1302 describes a memory corruption vulnerability in Microsoft Excel 2000–2003 (and related 2000–2004 variants) triggered by parsing certain fields in a SELECTION record within a .xls file, leading to possible arbitrary code execution when a user opens a crafted Excel file. The issue is a...

9.3CVSS7.4AI score0.13681EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.52 views

CVE-2008-0114

CVE-2008-0114 describes a remote code execution vulnerability in Microsoft Excel’s handling of Style records. It affects Excel 2000 SP3 through 2003 SP2, Excel Viewer 2003, and Office for Mac 2004. The underlying issue is a memory handling error that occurs when loading specially crafted Excel fi...

9.3CVSS9.7AI score0.38754EPSS
CVE
CVE
added 2006/07/13 10:0 p.m.50 views

CVE-2006-1309

CVE-2006-1309 is a Microsoft Excel vulnerability affecting Excel 2000–2004 where opening a crafted .xls file with a malformed LABEL record can trigger memory corruption and allow remote code execution. The underlying issue is memory corruption during processing of the LABEL record, potentially en...

9.3CVSS7.2AI score0.09741EPSS