101 matches found
CVE-2009-3129
CVE-2009-3129 concerns a remote-code-execution vulnerability in Microsoft Office Excel and related components caused by a FEATHEADER record with an invalid cbHdrData size that affects a pointer offset. Affected products include Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Open XML File Format Converte...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2009-3130
CVE-2009-3130 corresponds to the Excel Document Parsing Heap Overflow vulnerability. Affected software includes Microsoft Office Excel 2002 SP3, Excel 2003 and newer on Windows via BIFF parsing, and Office for Mac variants plus the Open XML File Format Converter for Mac. The root cause is imprope...
CVE-2011-0097
CVE-2011-0097 is a Microsoft Excel integer-overflow in the 400h substream parsing that can trigger a stack-based buffer overflow and remote code execution. Affected are Excel on Windows (2002 SP3/2003 SP3/2007 SP2/2010) and Mac variants, plus related File Format converters/viewers. The vulnerabil...
CVE-2011-1273
Microsoft Excel (Windows: 2002/2003/2007/2010; Mac: 2004/2008/2011; Open XML Converter for Mac; Excel Viewer; Office Compatibility Pack) is affected by CVE-2011-1273 due to improper validation/parsing of Excel records. Multiple advisories attribute the issue to parsing errors (record-type handlin...
CVE-2011-0105
CVE-2011-0105 describes a buffer overflow in Microsoft Excel-related components caused by obtaining a length value from an uninitialized memory location, enabling remote code execution via a crafted Excel file. Affected products listed in the provided sources include Excel 2002 SP3, Office for Ma...
CVE-2008-0081
CVE-2008-0081 corresponds to the Macro Validation Vulnerability in Microsoft Excel and related Office components. A remote code execution flaw exists when opening specially crafted Excel files with macros, caused by improper validation of macro/memory handling, affecting Excel 2000 SP3 through 20...
CVE-2010-0822
CVE-2010-0822 describes a stack-based overflow in Excel’s object (OBJ) record parser. The vulnerability permits remote code execution via a specially crafted Excel file and affects Excel 2002 SP3, Office 2004/2008 for Mac, and Open XML File Format Converter for Mac (per the initial entry). Public...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2010-0821
CVE-2010-0821 is identified in connected advisories as the Excel SXVIEW record parsing memory corruption vulnerability. It allows remote code execution if a user opens a specially crafted Excel file, due to improper parsing of SXVIEW structures. Exploitation requires user interaction (opening a c...
CVE-2009-0238
CVE-2009-0238 corresponds to a remote code execution vulnerability in Microsoft Office Excel and related components (Excel Viewer, Compatibility Pack, and Mac variants) triggered by opening a crafted Excel document that causes an invalid object access. The issue manifests as memory/code execution...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2010-1245
CVE-2010-1245 is a remote code execution vulnerability in Microsoft Office Excel involving a malformed SxView record that could be triggered by opening a crafted Excel file. Affected products include Excel 2002 SP3, Excel 2004 for Mac, Excel 2008 for Mac, and the Open XML File Format Converter fo...
CVE-2011-0098
CVE-2011-0098 corresponds to a remote code execution vulnerability in Microsoft Office Excel. The issue is a buffer/heap overflow in parsing the Label record (Excel file format), allowing remote attackers to run arbitrary code by convincing a user to open a malicious XLS file. Affected products i...
CVE-2010-0257
CVE-2010-0257 is a remote code execution vulnerability in Microsoft Excel 2002 SP3 and Excel XP related to memory corruption when processing EntExU2 records in a crafted Excel file. Exploitation could allow an attacker to take full control of the affected system by convincing a user to open a mal...
CVE-2009-3127
CVE-2009-3127 (Excel Cache Memory Corruption) is a remote code execution vulnerability in Microsoft Office Excel variants: Excel 2002 SP3, 2003 SP3, 2004/2008 for Mac, Open XML File Format Converter for Mac, and Excel Viewer 2003 SP3. It stems from improper parsing of the Excel file format, allow...
CVE-2010-1248
CVE-2010-1248 affects Microsoft Office Excel 2002 SP3 (and Excel 2004 for Mac) due to parsing errors in HFPicture and WOPT records, causing heap/buffer memory corruption and potential remote code execution. The vulnerability arises when opening specially crafted Excel files containing malformed H...
CVE-2011-0980
CVE-2011-0980 corresponds to a memory corruption flaw in Microsoft Office that arises when parsing Office Art objects, enabling remote code execution via a crafted file. It affects Excel/Office components across Windows and Mac builds listed in the initial document (Excel 2002/2003, Office for Ma...
CVE-2004-0846
Microsoft Excel is affected by CVE-2004-0846 due to a buffer overflow from improper validation of certain records/parameters in Excel files. The vulnerability affects Excel 2000, Excel 2002, Excel 2001 for Mac, and Excel v.X for Mac; Excel 2004 for Mac and Office 2003/XP SP3 are not affected. An ...
CVE-2010-0263
CVE-2010-0263 concerns Microsoft Office Excel XLSX File Parsing Code Execution. The vulnerability arises from insufficient validation of ZIP headers during decompression of Open XML XLSX documents, enabling remote code execution via a crafted file that accesses uninitialized memory. Affected soft...
CVE-2009-3128
CVE-2009-3128 describes a remote code execution vulnerability in Microsoft Office Excel via a malformed SxView record in Excel files. Affects Excel 2002 SP3, Excel 2003 SP3, and Excel Viewer 2003 SP3; exploitation leads to arbitrary code execution with the attacker gaining the user’s privileges. ...
CVE-2010-1249
CVE-2010-1249 is a memory corruption vulnerability in Microsoft Office Excel related to processing malformed ExternalName (record type 0x23) in Excel files, enabling remote code execution when a user opens a crafted file. Affected products per the CVE entry and linked advisories include Excel 200...
CVE-2011-0979
CVE-2011-0979 affects Microsoft Excel and related Office components (including Mac versions) where errors parsing Office Art records in Excel spreadsheets allow remote code execution via a malformed object record (stray reference). Root cause is improper error handling during parsing of Office Ar...
CVE-2009-3132
CVE-2009-3132 is the Excel Index Parsing Vulnerability: a remote-code-execution flaw in Microsoft Office Excel where pointer corruption occurs while parsing Excel formulas/indices in affected Office Excel versions (Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, plus Mac variants and viewers). A crafted ...
CVE-2008-0115
CVE-2008-0115 : A remote-code-execution vulnerability in Microsoft Excel’s Formula Parsing affects Excel 2000 SP3–2007, Excel Viewer 2003, the Office Compatibility Pack, and Office for Mac 2004. The issue arises from improper handling of malformed formulas, allowing a user-assisted attacker to tr...
CVE-2010-0262
CVE-2010-0262 describes a remote code execution vulnerability in Microsoft Office Excel stemming from an uninitialized memory access in the FNGROUPNAME record during parsing of Excel files. The issue could let an attacker execute arbitrary code with the privileges of the user who opens a crafted ...
CVE-2009-3134
CVE-2009-3134 is the Excel Field Sanitization Vulnerability. It affects Microsoft Office Excel components across Windows and Mac platforms listed in the entries, including Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Office 2004/2008 for Mac, Open XML Converter for Mac, Excel Viewer SKUs, and the Offi...
CVE-2010-1250
CVE-2010-1250 is a remote code execution vulnerability in Microsoft Office Excel, caused by a heap overflow when parsing malformed EDG (0x88) and Publisher (0x89) records. Affects Excel 2002 SP3, Excel for Mac (2004, 2008), and Open XML File Format Converter for Mac. Microsoft MS10-038 addresses ...
CVE-2011-1272
Summary (CVE-2011-1272) : This vulnerability affects Microsoft Excel and related components (Excel 2002 SP3, 2003 SP3, 2007 SP2; Office 2004/2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack SP2) and is caused by improper validation of record struct...
CVE-2010-3230
The CVE-2010-3230 entry relates to an integer overflow in Microsoft Excel 2002 SP3 while parsing crafted record information, enabling remote code execution via a specially crafted Excel file. Affected software in the linked advisories includes Excel 2002 SP3 and related Excel formats across Offic...
CVE-2011-1275
CVE-2011-1275 affects Microsoft Excel components across Windows/macOS environments (Excel 2002 SP3; Office 2004/2008/2011 for Mac; Open XML File Format Converter for Mac). The issue arises from improper validation of record information during Excel file parsing, causing a memory handling error th...
CVE-2011-1274
Vulnerability CVE-2011-1274 affects Microsoft Excel and related Office components across multiple platforms (Excel 2002/2003/2007; Office for Mac 2004/2008; Excel Viewer; Open XML Converter for Mac; Office Compatibility Pack). The issue arises when parsing certain Excel record structures, where i...
CVE-2006-0030
CVE-2006-0030 affects Microsoft Excel 2000, 2002, and 2003 via a memory corruption vulnerability in malformed graphics within Excel data files. An attacker could trigger remote code execution by having a user open a specially crafted Excel file containing a malformed graphic; impact is memory cor...
CVE-2006-2388
Summary: CVE-2006-2388 is a remote code execution vulnerability in Microsoft Office Excel (2000–2004) caused by a flaw when Excel rebuilds metadata after processing malformed cell comments. An attacker must lure a user into opening a crafted .XLS file, which could allow code execution with the cu...
CVE-2007-0027
CVE-2007-0027 affects Microsoft Excel versions including Excel 2000 SP3, 2002 SP3, 2003 SP2, Excel 2004 for Mac, and Excel v.X for Mac. The flaw is a remote code execution due to memory corruption when parsing malformed IMDATA records in BIFF Excel files. An attacker could exploit this by enticin...
CVE-2010-1253
CVE-2010-1253 is a remote-code-execution vulnerability in Microsoft Excel related to parsing DBQueryExt records (Excel ADO Object Vulnerability). The issue affects Excel on Windows platforms (Excel 2002 SP3; Excel 2007 SP1/SP2) and Excel on Mac (Office for Mac 2004/2008) plus Open XML File Format...
CVE-2002-0617
CVE-2002-0617 affects Microsoft Excel 2000 and 2002 on Windows. The vulnerability allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, known as the Hyperlinked Excel Workbook ...
CVE-2010-1247
CVE-2010-1247 is an Excel RealTimeData Record Heap Corruption vulnerability in Microsoft Office Excel (notably Excel 2002 SP3) triggered by a malformed RealTimeData/RTD record that enables remote code execution. Public documentation also notes related Excel memory corruption CVEs (e.g., 2010-1249...
CVE-2010-2562
CVE-2010-2562 affects Microsoft Office Excel and components on Windows and Mac: Excel 2002 SP3/2003 SP3, Office 2004/2008 for Mac, and Open XML File Format Converter for Mac. The root cause is a parsing logic error in the Excel file format, leading to a memory corruption vulnerability that can al...
CVE-2010-3237
CVE-2010-3237 is a vulnerability in Microsoft Excel (affecting Excel 2002 SP3 and Office for Mac 2004) where parsing of the Merge Cell record can be exploited to execute arbitrary code. The root cause is improper handling/validation of Merge Cell Records in Excel file formats, enabling remote cod...
CVE-2011-0103
CVE-2011-0103 covers a memory corruption vulnerability in Excel parsing logic that could allow remote code execution or a denial of service when opening specially crafted Excel files. Affected products include Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File ...
CVE-2008-4266
CVE-2008-4266 (Excel Global Array Memory Corruption Vulnerability) is a remote code execution flaw in Microsoft Office Excel and related components (Excel 2000 SP3, 2002 SP3, 2003 SP3; Excel Viewer 2003 Gold/SP3; Office 2004/2008 for Mac; Open XML File Format Converter for Mac). The vulnerability...
CVE-2010-1252
CVE-2010-1252 is a remote code execution vulnerability in Microsoft Office Excel, specifically affecting Excel 2002 SP3 and Office 2004 for Mac. The flaw stems from how Excel handles a crafted Excel file (String Variable Vulnerability) and could allow an attacker to execute arbitrary code with th...
CVE-2011-0104
CVE-2011-0104 affects Microsoft Excel 2002 SP3, Excel 2003 SP3, Office 2004/2008 for Mac, and Open XML File Format Converter for Mac. A crafted HLink record in an Excel file can trigger memory corruption, allowing remote code execution or causing a denial of service. Exploitation details or in‑th...
CVE-2011-0978
CVE-2011-0978 is a remote code execution vulnerability in Microsoft Excel and related Office components caused by a memory corruption/stack-based overflow while parsing the Axis Properties/ SxView records (vulnerable in Excel 2002 SP3, 2003 SP3, 2007 SP2, Office for Mac 2004, Excel Viewer SP2, an...
CVE-2005-4131
CVE-2005-4131 affects Microsoft Excel 2000, 2002 and 2003 (Office 2000 SP3 and related packages). The vulnerability stems from parsing a malformed named range/range data in Excel files, which can cause memory corruption in a call to msvcrt.memmove. An attacker could leverage this via a specially ...
CVE-2006-3059
Technical details for CVE-2006-3059 are not provided in the supplied documents; no affected product/version/impact is specified beyond a generic note. Monitor for updates.
CVE-2007-0029
CVE-2007-0029 is the Excel Malformed String Vulnerability affecting Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and Excel 2004/Mac (and Excel v.X for Mac). The issue allows user-assisted remote attackers to achieve arbitrary code execution by parsing a malformed string in Excel files. Microsoft...
CVE-2009-3131
CVE-2009-3131 is the Excel Formula Parsing Memory Corruption vulnerability. The issue affects Microsoft Office Excel and related components across multiple platforms: Excel 2002 SP3, 2003 SP3, and 2007 SP1/SP2; Office 2004/2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer 2003 SP...
CVE-2010-0264
The CVE-2010-0264 issue affects Microsoft Office Excel 2002 SP3, Excel for Mac (Office 2004/2008), and the Open XML File Format Converter for Mac, where parsing the Excel file format fails due to a DbOrParamQry record handling error. This memory-corruption vulnerability can allow remote code exec...