16 matches found
CVE-2009-0565
CVE-2009-0565 is a Word buffer-overflow vulnerability caused by a malformed record (Sprm) in Word documents, leading to remote code execution. Affected products include Microsoft Word 2000 SP3, 2002 SP3, 2007 SP1/SP2, Word for Mac 2004/2008, Open XML File Format Converter for Mac, and Office Comp...
CVE-2009-2500
This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...
CVE-2009-2528
CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...
CVE-2009-3126
CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2009-2504
CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...
CVE-2009-2503
CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...
CVE-2014-6334
CVE-2014-6334 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The issue is a memory-handling flaw in parsing crafted Office documents that can lead to remote code execution or memory corruption/DoS. The connected OpenVAS/Nessus entries corroborate Word/Office comp...
CVE-2009-3135
Microsoft Word Remote Code Execution (CVE-2009-3135) affects Word 2002 SP3, Word 2003 SP3, Word 2004/2008 for Mac, Open XML File Format Converter for Mac, Word Viewer 2003 SP3, and Word Viewer. The vulnerability is a stack-based buffer overflow in Word’s File Information Block (FIB) parsing, whic...
CVE-2014-6333
CVE-2014-6333 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The issue arises when parsing specially crafted Office documents, enabling a remote attacker to execute arbitrary code in the context of the logged-in user. The connected advisories consolidate three re...
CVE-2010-1901
CVE-2010-1901 affects Microsoft Word and related Office components (Word 2002 SP3, 2003 SP3, 2007 SP2; Mac: Office 2004/2008, Open XML Converter for Mac, Word Viewer, Compatibility Pack SP2) where the RTF parsing engine mishandles unspecified properties in rich text data, causing a memory corrupt...
CVE-2010-1903
CVE-2010-1903 is a Word HTML Linked Objects Memory Corruption vulnerability affecting Microsoft Office Word/Word Viewer. A remote attacker could trigger memory corruption by processing a specially crafted Word file, leading to remote code execution or potential denial of service. Public disclosur...
CVE-2010-1900
CVE-2010-1900 affects Microsoft Word (various Windows/macOS editions) and related components. A remote-code-execution/memory-corruption flaw arises from Word opening malformed Word files that contain malformed records, enabling an attacker to execute arbitrary code or cause memory corruption on i...
CVE-2010-1902
CVE-2010-1902 describes a remote-code-execution flaw in Microsoft Word’s RTF parsing engine. The vulnerability is triggered by crafted RTF data, specifically via drawing object control words that copy properties into a heap buffer without bounds checking, causing a heap buffer overflow. Affected ...
CVE-2014-6335
CVE-2014-6335 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The root cause is improper handling of objects in memory while parsing specially crafted Office files, leading to remote code execution or memory corruption (and possible DoS). Technical details across ...