42 matches found
CVE-2019-0585
CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...
CVE-2019-0541
CVE-2019-0541 – MSHTML Engine Remote Code Execution involves an input validation vulnerability in the MSHTML engine that can let an attacker execute arbitrary code on affected systems. Affected software includes Internet Explorer (IE9/10/11), Microsoft Office components (Office/Word/Excel viewers...
CVE-2012-2539
CVE-2012-2539 is Microsoft Word remote code execution vulnerability caused by parsing crafted RTF data (Word RTF 'listoverridecount'). It affects Word 2003 SP3, 2007 SP2/SP3, 2010 SP1; Word Viewer; Office Compatibility Pack SP2/SP3; and Office Web Apps 2010 SP1. The underlying issue is memory cor...
CVE-2009-0563
CVE-2009-0563 is a Stack-based buffer overflow in Microsoft Word components that allows remote code execution when a user opens a crafted Word document with an invalid length field. Affected products include Word 2002 SP3, 2003 SP3, Word 2007 SP1/SP2, Office for Mac 2004/2008, Open XML File Forma...
CVE-2017-11826
CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...
CVE-2018-8378
CVE-2018-8378 describes an information disclosure in Microsoft Office when Office reads out-of-bounds memory due to an uninitialized variable, potentially exposing memory contents. Affected components include Word, SharePoint Server, Word/Excel Viewers, and related Office products. Connected Open...
CVE-2009-0565
CVE-2009-0565 is a Word buffer-overflow vulnerability caused by a malformed record (Sprm) in Word documents, leading to remote code execution. Affected products include Microsoft Word 2000 SP3, 2002 SP3, 2007 SP1/SP2, Word for Mac 2004/2008, Open XML File Format Converter for Mac, and Office Comp...
CVE-2017-0283
CVE-2017-0283 is described in the connected MSKB as a remote code execution vulnerability in Microsoft Office components that could be triggered by opening a specially crafted Office file. The MSKB describes a security update KB3191937 for Skype for Business 2015 (Lync 2013) that addresses CVE-20...
CVE-2009-2500
This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...
CVE-2009-2528
CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...
CVE-2017-8695
CVE-2017-8695 is an information-disclosure vulnerability in Windows Uniscribe where Microsoft’s Graphics Component can leak memory contents when handling objects, exploitable via a specially crafted document or an untrusted webpage. Affected products span Windows versions from Windows Server 2008...
CVE-2009-3126
CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...
CVE-2017-0073
Technical details for CVE-2017-0073 are not publicly available in the provided connected documents. The records summarize the vulnerability, but no product/version specifics or exploit information are shown. Monitor for updates from official sources.
CVE-2017-0060
The CVE-2017-0060/0062 issue affects the Graphics Device Interface (GDI) in multiple Windows releases (Vista through Windows 10 variants listed in the initial entry). The vulnerability enables a remote attacker to obtain sensitive information from process memory by visiting a crafted web site, i....
CVE-2018-0851
CVE-2018-0851 affects multiple Microsoft Office versions: Office 2007 SP2, Word Viewer, Office 2010 SP2, Office 2013 SP1/RT SP1, Office 2016, and Office 2016 Click-to-Run. The vulnerability arises from how Office handles objects in memory, described as a memory corruption issue that enables remot...
CVE-2017-8676
CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2017-8696
CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2017-0285
CVSS context : CVE-2017-0285 is an information-disclosure vulnerability in Windows Uniscribe. The connected document KLA11039 lists an information-disclosure vulnerability in Windows Uniscribe that can be exploited remotely via specially crafted documents to obtain sensitive information. What is ...
CVE-2017-8682
CVE-2017-8682 is a Win32k Graphics Remote Code Execution issue where remote code could be executed by mis-handling embedded fonts. Affected products include multiple Windows versions (Server 2008 SP2/R2 SP1, Windows 7 SP1, 8.1, 10 1511/1607/1703, Server 2012/2016) and Office Word Viewer/Office 20...
CVE-2009-2504
CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...
CVE-2009-2503
CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...
CVE-2014-6334
CVE-2014-6334 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The issue is a memory-handling flaw in parsing crafted Office documents that can lead to remote code execution or memory corruption/DoS. The connected OpenVAS/Nessus entries corroborate Word/Office comp...
CVE-2009-3135
Microsoft Word Remote Code Execution (CVE-2009-3135) affects Word 2002 SP3, Word 2003 SP3, Word 2004/2008 for Mac, Open XML File Format Converter for Mac, Word Viewer 2003 SP3, and Word Viewer. The vulnerability is a stack-based buffer overflow in Word’s File Information Block (FIB) parsing, whic...
CVE-2018-0922
CVE-2018-0922 is a remote code execution vulnerability arising from how Office objects are handled in memory across multiple Microsoft Office products (Word, Excel, SharePoint, Web Apps, Viewer, etc.). Connected sources confirm the issue affects a wide range of Office/SharePoint versions (e.g., O...
CVE-2018-8427
CVE-2018-8427 is an information-disclosure vulnerability in Microsoft Graphics Components that affects Microsoft Office family products (Office, Word Viewer, PowerPoint/Excel Viewers, Office 365 ProPlus) and related Windows components (Windows Server 2008). The root cause involves improper handli...
CVE-2008-4025
CVE-2008-4025 corresponds to a set of Word/RTF parsing vulnerabilities (word memory/RTF object parsing) in Office products where an integer overflow during RTF/Polyline point processing can trigger a heap-based buffer overflow and remote code execution. Affected software includes Word 2000 SP3, 2...
CVE-2018-8281
CVE-2018-8281: A remote code execution vulnerability in Microsoft Office family (Excel Viewer, PowerPoint Viewer, Office, Word Viewer) arises when Office fails to properly handle objects in memory. Connected documents confirm the issue affects Microsoft Office Viewers and Office-related component...
CVE-2010-1901
CVE-2010-1901 affects Microsoft Word and related Office components (Word 2002 SP3, 2003 SP3, 2007 SP2; Mac: Office 2004/2008, Open XML Converter for Mac, Word Viewer, Compatibility Pack SP2) where the RTF parsing engine mishandles unspecified properties in rich text data, causing a memory corrupt...
CVE-2014-6333
CVE-2014-6333 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The issue arises when parsing specially crafted Office documents, enabling a remote attacker to execute arbitrary code in the context of the logged-in user. The connected advisories consolidate three re...
CVE-2008-4031
CVE-2008-4031 is a remote code execution vulnerability in Microsoft Office Word/Word components caused by a memory corruption during parsing of Rich Text Format (RTF) content. The issue can be triggered when a user opens a specially crafted RTF file or previews a malicious RTF email, potentially ...
CVE-2008-4024
CVE-2008-4024 affects Microsoft Word 2000 SP3, Word 2002 SP3, and Word 2004 for Mac. A remote code execution vulnerability arises when processing a specially crafted Word file containing lcbPlcfBkfSdt in the File Information Block (FIB); this can bypass an initialization step and trigger an arbit...
CVE-2010-1903
CVE-2010-1903 is a Word HTML Linked Objects Memory Corruption vulnerability affecting Microsoft Office Word/Word Viewer. A remote attacker could trigger memory corruption by processing a specially crafted Word file, leading to remote code execution or potential denial of service. Public disclosur...
CVE-2008-4028
CVE-2008-4028 is described in connected advisories as a Word RTF Object Parsing memory corruption/heap overflow vulnerability. It affects Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, 2007 Gold/SP1; Word Viewer 2003; Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats Gold...
CVE-2008-4837
CVE-2008-4837 is a Word memory corruption vulnerability (Word Memory Corruption Vulnerability) affecting Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold/SP1, Word Viewer 2003, and related Office components. The issue arises from a stack/memory corruption when processing a crafted Word document w...
CVE-2008-4027
CVE-2008-4027 is a remote code execution vulnerability in Microsoft Word/Office applications caused by parsing malformed Rich Text Format (RTF) files. The flaw arises from mishandling consecutive Drawing Object ("\do") tags, leading to memory corruption and potential arbitrary code execution. Aff...
CVE-2010-1900
CVE-2010-1900 affects Microsoft Word (various Windows/macOS editions) and related components. A remote-code-execution/memory-corruption flaw arises from Word opening malformed Word files that contain malformed records, enabling an attacker to execute arbitrary code or cause memory corruption on i...
CVE-2008-4026
CVE-2008-4026 is a remote-code-execution vulnerability in Microsoft Word handling crafted Word files that contain a malformed value, triggering memory corruption. Affected products include Word 2000 SP3, 2002 SP3, 2003 SP3, 2007 (Gold and SP1), Word Viewer 2003 SP3, Office Compatibility Pack for ...
CVE-2010-1902
CVE-2010-1902 describes a remote-code-execution flaw in Microsoft Word’s RTF parsing engine. The vulnerability is triggered by crafted RTF data, specifically via drawing object control words that copy properties into a heap buffer without bounds checking, causing a heap buffer overflow. Affected ...
CVE-2014-6335
CVE-2014-6335 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The root cause is improper handling of objects in memory while parsing specially crafted Office files, leading to remote code execution or memory corruption (and possible DoS). Technical details across ...
CVE-2008-4030
CVE-2008-4030 corresponds to a memory-corruption remote code execution issue in Microsoft Office Word (various versions) triggered by crafted control words in Rich Text Format (RTF) files or in RTF emails. Connected advisories attribute the vulnerability to a memory calculation error in Word that...