46 matches found
CVE-2008-0081
CVE-2008-0081 corresponds to the Macro Validation Vulnerability in Microsoft Excel and related Office components. A remote code execution flaw exists when opening specially crafted Excel files with macros, caused by improper validation of macro/memory handling, affecting Excel 2000 SP3 through 20...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2009-0238
CVE-2009-0238 corresponds to a remote code execution vulnerability in Microsoft Office Excel and related components (Excel Viewer, Compatibility Pack, and Mac variants) triggered by opening a crafted Excel document that causes an invalid object access. The issue manifests as memory/code execution...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2004-0846
Microsoft Excel is affected by CVE-2004-0846 due to a buffer overflow from improper validation of certain records/parameters in Excel files. The vulnerability affects Excel 2000, Excel 2002, Excel 2001 for Mac, and Excel v.X for Mac; Excel 2004 for Mac and Office 2003/XP SP3 are not affected. An ...
CVE-2008-0115
CVE-2008-0115 : A remote-code-execution vulnerability in Microsoft Excel’s Formula Parsing affects Excel 2000 SP3–2007, Excel Viewer 2003, the Office Compatibility Pack, and Office for Mac 2004. The issue arises from improper handling of malformed formulas, allowing a user-assisted attacker to tr...
CVE-2006-0030
CVE-2006-0030 affects Microsoft Excel 2000, 2002, and 2003 via a memory corruption vulnerability in malformed graphics within Excel data files. An attacker could trigger remote code execution by having a user open a specially crafted Excel file containing a malformed graphic; impact is memory cor...
CVE-2006-2388
Summary: CVE-2006-2388 is a remote code execution vulnerability in Microsoft Office Excel (2000–2004) caused by a flaw when Excel rebuilds metadata after processing malformed cell comments. An attacker must lure a user into opening a crafted .XLS file, which could allow code execution with the cu...
CVE-2007-0027
CVE-2007-0027 affects Microsoft Excel versions including Excel 2000 SP3, 2002 SP3, 2003 SP2, Excel 2004 for Mac, and Excel v.X for Mac. The flaw is a remote code execution due to memory corruption when parsing malformed IMDATA records in BIFF Excel files. An attacker could exploit this by enticin...
CVE-2002-0617
CVE-2002-0617 affects Microsoft Excel 2000 and 2002 on Windows. The vulnerability allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, known as the Hyperlinked Excel Workbook ...
CVE-2008-4266
CVE-2008-4266 (Excel Global Array Memory Corruption Vulnerability) is a remote code execution flaw in Microsoft Office Excel and related components (Excel 2000 SP3, 2002 SP3, 2003 SP3; Excel Viewer 2003 Gold/SP3; Office 2004/2008 for Mac; Open XML File Format Converter for Mac). The vulnerability...
CVE-2000-0277
Microsoft Excel 97/2000 are affected by the XLM Text Macro vulnerability, where Excel fails to warn when macros in external text files are executed, potentially allowing arbitrary commands via a macro virus. The issue occurs when references to external XLM macro files are present; Excel may not d...
CVE-2005-4131
CVE-2005-4131 affects Microsoft Excel 2000, 2002 and 2003 (Office 2000 SP3 and related packages). The vulnerability stems from parsing a malformed named range/range data in Excel files, which can cause memory corruption in a call to msvcrt.memmove. An attacker could leverage this via a specially ...
CVE-2006-3059
Technical details for CVE-2006-3059 are not provided in the supplied documents; no affected product/version/impact is specified beyond a generic note. Monitor for updates.
CVE-2007-0029
CVE-2007-0029 is the Excel Malformed String Vulnerability affecting Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and Excel 2004/Mac (and Excel v.X for Mac). The issue allows user-assisted remote attackers to achieve arbitrary code execution by parsing a malformed string in Excel files. Microsoft...
CVE-2007-0030
CVE-2007-0030 is the Excel Malformed Column Record Vulnerability. A memory corruption flaw occurs when parsing the BIFF8 Column field, allowing a remote attacker to execute arbitrary code by convincing a user to open a crafted Excel file. Affected products include Microsoft Excel 2000 SP3, 2002 S...
CVE-2007-0031
CVE-2007-0031 affects Microsoft Excel: heap-based buffer overflow in BIFF8 PALETTE records can allow a user-assisted remote attacker to execute arbitrary code. Vulnerable products include Excel 2000 SP3, 2002 SP3, 2003 SP2, and Mac versions (2004 for Mac, v.X for Mac). The flaw is triggered by op...
CVE-2008-0111
CVE-2008-0111 : A remote code execution vulnerability in Microsoft Excel 2000 SP3 through 2007, Excel Viewer 2003, Compatibility Pack, and Office 2004 for Mac exists due to improper validation of data in BIFF8 data validation records when loading files. Exploitation requires a user to open a craf...
CVE-2006-3875
CVE-2006-3875 : A remote code execution vulnerability in Microsoft Excel arises when parsing COLINFO records in XLS files. The COLINFO record parsing flaw can be exploited by a crafted Excel file to execute arbitrary code in the caller’s security context. Affected products include Microsoft Excel...
CVE-2007-0215
CVE-2007-0215 is a stack-based buffer overflow in Microsoft Excel that occurs while processing a Named Graph record in .XLS BIFF files. The vulnerability affects Excel 2000 SP3, 2002 SP3, 2003 SP2, and Excel 2003 Viewer, and is exploitable via a crafted Excel file opened by a user, leading to mem...
CVE-2007-1203
CVE-2007-1203 is a remote code execution vulnerability in Microsoft Excel where specially crafted set font values in Excel files can cause memory corruption. Affected products include Excel 2000 (SP3), 2002 (SP3), 2003 (SP2), 2003 Viewer, and 2004 for Mac, plus Excel 2007. The root cause involves...
CVE-2006-3867
CVE-2006-3867 is a remote code execution vulnerability in Microsoft Excel triggered when Excel handles a crafted Lotus 1-2-3 file. The issue affects Excel on Windows (2000, XP, 2003) and Excel Viewer 2003, as well as Excel for Mac (2004) and Office v.X for Mac. The root cause is improper parsing ...
CVE-2000-0419
The Office 2000 UA ActiveX control is described as wrongly marked “safe for scripting.” This vulnerability allows an intruder to script interactions through the control’s Show Me feature, potentially disabling macro warnings and enabling arbitrary actions within Office applications (e.g., launchi...
CVE-2000-0765
CVE-2000-0765 describes a buffer overflow in the HTML interpreter of Microsoft Office 2000 . An attacker could trigger the overflow via a long embedded object tag in HTML, allowing execution of arbitrary commands. The sources provide the vulnerability description but do not specify affected versi...
CVE-2002-0618
CVE-2002-0618 affects Microsoft Excel 2000/2002 on Windows. The vulnerability stems from a flaw in the Macro Security Model that fails to detect HTML scripting within an Excel workbook containing an XSL stylesheet, allowing remote attackers to execute code in the Local Computer zone. Exploitation...
CVE-2007-0028
CVE-2007-0028 affects multiple Excel variants: Excel 2000, 2002, 2003, Excel Viewer 2003, Office 2004 for Mac, and Office v.X for Mac. The vulnerability stems from improper handling of certain opcodes during Excel file parsing, which can corrupt memory and allow user‑assisted remote attackers to ...
CVE-2007-1214
The CVE-2007-1214 issue affects Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac. It is a memory corruption/remote code execution vulnerability in the handling of Excel BIFF8 AutoFilter records; a crafted XLS file can trigger the flaw. Attack vector involves a user-open...
CVE-2007-1756
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 are affected by CVE-2007-1756 due to improper validation of version information, which can lead to memory corruption and remote code execution when a crafted Excel file is opened. The vulnerability is triggered by us...
CVE-2007-3030
CVE-2007-3030 maps to a Workbook Memory Corruption vulnerability in Microsoft Excel affecting multiple products (Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer; also Mac OS X Excel 2004 per MS07-036). The issue arises when handling malformed Excel workbooks, leading to memory corruption that...
CVE-2007-3890
CVE-2007-3890 is a remote code execution vulnerability in Microsoft Excel across Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac. The root cause is improper validation of the Workspace index value used in an Excel file’s workspace (rtWnDesk records), leading to memory cor...
CVE-2002-0616
CVE-2002-0616 refers to the Excel Inline Macros vulnerability in Microsoft Excel 2000/2002 for Windows. The Macro Security Model allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook. Affected products are Excel 2000 and 2002 on Windows; the un...
CVE-2006-0028
CVE-2006-0028 is a Microsoft Excel remote code execution vulnerability tied to malformed BIFF parsing format files that can corrupt memory and allow arbitrary code execution. Affected products include Excel 2000, 2002, and 2003 (and Office 2000 SP3 and related packages). Exploitation requires a u...
CVE-2006-1304
Microsoft Excel 2000–2003 contains a remote code execution vulnerability in the COLINFO record processing that can be triggered by a specially crafted .xls file. The underlying issue is a buffer overflow during a data filling operation, which could allow an attacker to execute arbitrary code with...
CVE-2006-1308
CVE-2006-1308 is a remote code execution vulnerability in Microsoft Excel (2000–2004) caused by processing a malformed FNGROUPCOUNT value in an Excel file. The issue can be triggered when opening a specially crafted .xls, potentially allowing an attacker to execute arbitrary code in the security ...
CVE-2008-0117
CVE-2008-0117 refers to a remote code execution vulnerability in Microsoft Excel related to crafted conditional formatting values. Affected are Excel 2000 SP3, Excel 2002 SP2, and Office for Mac 2004/2008. Exploitation requires a user to open a specially crafted file, enabling arbitrary code exec...
CVE-2008-0116
CVE-2008-0116 is a remote-code-execution vulnerability in Microsoft Excel’s handling of rich text values during memory loading. The issue affects Excel 2000 SP3–2003 SP2, Excel Viewer 2003, the Compatibility Pack, and Excel for Mac (2004/2008). A malformed rich-text tag in a crafted Excel file co...
CVE-2000-0597
The CVE-2000-0597 entry concerns Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97. The vulnerability arises because these products are marked as safe for scripting, enabling a remote attacker to coax Internet Explorer or some email clients to save files to arbitrary locations via th...
CVE-2002-0615
CVE-2002-0615 affects Windows Media Player 7.1 (and related Media Player versions) where the Windows Media Active Playlist stores data in a well-known local file path, enabling HTML script execution in the Local Computer zone. Connected documentation also references MS02-032 (patch 320920) that f...
CVE-2006-0029
CVE-2006-0029 is a remote code execution vulnerability in Microsoft Excel affecting Excel 2000, 2002, and 2003 via a data file containing a malformed description that can corrupt memory. The Microsoft Security Bulletin MS06-012 provides fixes for this issue across affected Office/Excel versions (...
CVE-2006-1306
CVE-2006-1306 is a Microsoft Excel remote code execution vulnerability in the Malformed OBJECT record. A crafted .xls file can cause an attacker-controlled function pointer to execute arbitrary code when opened, enabling code execution in the user’s context. The issue affects Office/Excel 2000–20...
CVE-2008-0112
CVE-2008-0112 (Excel File Import Vulnerability) describes a remote code execution in Microsoft Excel 2000 SP3 and Office for Mac 2004/2008 triggered by importing a specially crafted SYLK (.slk) file. The underlying issue is improper validation/handling of SYLK data during import, allowing an atta...
CVE-2006-1301
CVE-2006-1301 affects Microsoft Excel 2000–2004 via a crafted SELECTION record that triggers memory corruption, allowing user-assisted arbitrary code execution. Root cause: insufficient validation when parsing SELECTION records, leading to memory corruption. Affected products: Excel 2000, 2002, 2...
CVE-2006-1302
CVE-2006-1302 describes a memory corruption vulnerability in Microsoft Excel 2000–2003 (and related 2000–2004 variants) triggered by parsing certain fields in a SELECTION record within a .xls file, leading to possible arbitrary code execution when a user opens a crafted Excel file. The issue is a...
CVE-2008-0114
CVE-2008-0114 describes a remote code execution vulnerability in Microsoft Excel’s handling of Style records. It affects Excel 2000 SP3 through 2003 SP2, Excel Viewer 2003, and Office for Mac 2004. The underlying issue is a memory handling error that occurs when loading specially crafted Excel fi...
CVE-2006-1309
CVE-2006-1309 is a Microsoft Excel vulnerability affecting Excel 2000–2004 where opening a crafted .xls file with a malformed LABEL record can trigger memory corruption and allow remote code execution. The underlying issue is memory corruption during processing of the LABEL record, potentially en...
CVE-2000-0637
Microsoft Excel 97 and 2000 are affected by a vulnerability in the Register.ID function that allows an attacker to trigger execution of arbitrary commands by specifying a malicious .dll; impact is arbitrary commands with local access. The provided documents do not include exploitation details or ...