84 matches found
CVE-2006-2492
CVE-2006-2492 is a buffer overflow in Microsoft Word (Office 2000 SP3, XP SP3, 2003 SP1/SP2) and Microsoft Works through 2006 caused by a malformed object pointer. The flaw allows arbitrary code execution and requires user interaction (via opening a crafted Word/Works document). Affected products...
CVE-2009-0557
CVE-2009-0557 describes an Object Record Corruption vulnerability in Microsoft Office Excel across multiple platforms (Office 2000 SP3, XP SP3, 2003 SP3, Mac editions, and Excel Viewer/Compatibility Pack). The root cause is a malformed record object in an Excel file, enabling remote code executio...
CVE-2009-0563
CVE-2009-0563 is a Stack-based buffer overflow in Microsoft Word components that allows remote code execution when a user opens a crafted Word document with an invalid length field. Affected products include Word 2002 SP3, 2003 SP3, Word 2007 SP1/SP2, Office for Mac 2004/2008, Open XML File Forma...
CVE-2008-1434
CVE-2008-1434 describes a remote code execution vulnerability in Microsoft Word caused by a memory handling error when processing a Word file containing a malformed CSS value. The issue affects Word across multiple products/versions (Office 2000 SP3, Word 2000; Word XP SP3; Word 2003 SP2/SP3; Wor...
CVE-2006-0002
CVE-2006-0002 is a TNEF decoding vulnerability in Microsoft Outlook (2000–2003) and Microsoft Exchange Server (5.0 SP2, 5.5 SP4, 2000 SP3) where processing a crafted TNEF MIME attachment can lead to remote code execution. Root cause described as improper handling/validation of TNEF data, enabling...
CVE-2006-1540
Mode C: The CVE-2006-1540 issue affects Microsoft Office 2000, XP (2002), and 2003. It stems from a memory corruption vulnerability caused by malformed strings in Office Document files, enabling user‑assisted execution of arbitrary code and potential denial of service when opening crafted Excel, ...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2006-1316
CVE-2006-1316 is a Microsoft Office memory-corruption vulnerability described as a parsing issue in Office files that triggers memory corruption in various Office products (Office 2000/XP/2003 SP1/SP2). Connected advisories indicate this family includes a related CVE-2006-2389 (Office Property Vu...
CVE-2006-5994
CVE-2006-5994 is a remote-code-execution vulnerability in Microsoft Word (2000, 2002, Word Viewer 2003, Word 2003, and Word on Mac 2004/2004 v. X; also affects Works 2004–2006). The root cause, per the connected materials, is that Word does not sufficiently validate certain strings when processin...
CVE-2007-0515
CVE-2007-0515 affects Microsoft Word via a Section Table/Table Stream buffer overflow in Word documents. The vulnerability allows memory corruption that, per sources, enabled remote code execution on Word 2000 (and denial of service on Word 2003) when users open a crafted .doc file. Root cause: S...
CVE-2005-2127
CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...
CVE-2004-0846
Microsoft Excel is affected by CVE-2004-0846 due to a buffer overflow from improper validation of certain records/parameters in Excel files. The vulnerability affects Excel 2000, Excel 2002, Excel 2001 for Mac, and Excel v.X for Mac; Excel 2004 for Mac and Office 2003/XP SP3 are not affected. An ...
CVE-2006-2387
Microsoft Excel contains a remote-code-execution vulnerability CVE-2006-2387 in the parsing of a malformed DATETIME record within XLS files. Affected products include Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004–2006. The root cause is insuf...
CVE-2008-3018
CVE-2008-3021 concerns a memory corruption/vulnerability in Microsoft Office filters when processing malformed PICT images. Affected products include Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, Office Converter Pack, and Works 8. The issue stems from improper handling of PICT image...
CVE-2006-2389
CVE-2006-2389 is a memory-corruption vulnerability in Microsoft Office 2003 SP1/SP2, Office XP SP3, Office 2000 SP3, and other Office products triggered by a malformed Office property within a file, leading to arbitrary code execution when a user opens the crafted document. Connected advisories c...
CVE-2006-6456
CVE-2006-6456 is a remote code execution flaw in Microsoft Word 2000, Word 2002, Word 2003 and Word Viewer 2003 caused by malformed data structures in Word files. Attackers could exploit via specially crafted Word files (e.g., attachments or web-hosted content) to execute arbitrary code with the ...
CVE-2006-0007
CVE-2006-0007 is described in connected advisories as a Linux kernel vulnerability (2.6.9–2.6.20) where the key_alloc_serial function allows remote DoS via vectors triggering a null dereference (spinlock CPU recursion). Remediation is to upgrade to the fixed kernel version (2.6.19.3 per the chang...
CVE-2006-0031
CVE-2006-0031 (MS06-012 family) is a stack-based buffer overflow in Microsoft Excel 2000/XP/2003 triggered by parsing a crafted Excel file containing a malformed record length, leading to memory corruption and potential remote code execution. The vulnerability is one of several Excel-related issu...
CVE-2006-3434
Microsoft Office 2000, XP, 2003, and Mac variants (Office 2004 for Mac, Office v.X for Mac) contain an exploitable flaw in parsing crafted strings that can trigger memory corruption, allowing remote code execution. The issue, CVE-2006-3434, is described in connected CERT/NVD entries as an Office ...
CVE-2008-3004
The CVE-2008-3004 issue affects Microsoft Office Excel and related Mac/Viewer builds. It arises from improper validation of AxesSet index values when loading Excel files, allowing remote code execution via a specially crafted XLS document. Affected products include Excel 2000 SP3, 2002 SP3, 2003 ...
CVE-2003-0347
Vulnerability CVE-2003-0347 affects Microsoft Visual Basic for Applications (VBA) 5.0–6.3 via heap-based overflow in VBE.DLL and VBE6.DLL. An attacker could supply a document with a long ID parameter to cause remote code execution. Impact is remote compromise with user privileges; affected compon...
CVE-2008-3006
Microsoft Excel could allow remote code execution via memory corruption in the BIFF COUNTRY record parsing bug. Affected products include Excel 2000 SP3, 2002 SP3, 2003 SP2/SP3, 2007 Gold/SP1; Excel Viewer; Office Compatibility Pack 2007 Gold/SP1; Office for Mac (2004/2008); and SharePoint Server...
CVE-2006-4694
The CVE-2006-4694 entry concerns a vulnerability in Microsoft PowerPoint (Office 2000/XP/2003) where malformed PowerPoint records, specifically NamedShows, are not properly handled. A crafted .PPT file can enable user‑assisted code execution in the context of the logged‑in user, with exploit acti...
CVE-2007-1747
CVE-2007-1747 concerns a remote code execution in Microsoft Office via a malformed drawing object parsed by MSO.dll. The vulnerability affects multiple Office versions across platforms: Office 2000 SP3, Office 2002 SP3, Office 2003 SP2, Office 2004 for Mac, and Office 2007, where parsing a specia...
CVE-2008-3005
CVE-2008-3005 is an Excel FORMAT record array index memory corruption vulnerability affecting Microsoft Office/Excel on Windows (Excel 2000 SP3, 2002 SP3) and Mac (Office 2004/2008). Root cause: crafted array index in FORMAT records can cause arbitrary code execution when opening a crafted spread...
CVE-2006-0030
CVE-2006-0030 affects Microsoft Excel 2000, 2002, and 2003 via a memory corruption vulnerability in malformed graphics within Excel data files. An attacker could trigger remote code execution by having a user open a specially crafted Excel file containing a malformed graphic; impact is memory cor...
CVE-2008-3020
CVE-2008-3020 is a remote code execution vulnerability in Microsoft Office filters, specifically in the BMPIMP32.FLT module used by Office BMP import handling. A crafted BMP image with a malformed header (e.g., an excessive number of colors) causes a heap buffer overflow/memory corruption in BMP ...
CVE-2002-0617
CVE-2002-0617 affects Microsoft Excel 2000 and 2002 on Windows. The vulnerability allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, known as the Hyperlinked Excel Workbook ...
CVE-2007-0027
CVE-2007-0027 affects Microsoft Excel versions including Excel 2000 SP3, 2002 SP3, 2003 SP2, Excel 2004 for Mac, and Excel v.X for Mac. The flaw is a remote code execution due to memory corruption when parsing malformed IMDATA records in BIFF Excel files. An attacker could exploit this by enticin...
CVE-2006-0001
CVE-2006-0001 is a stack-based buffer overflow in Microsoft Publisher 2000–2003 triggered by parsing a crafted .pub font string, allowing a user-assisted remote attacker to execute arbitrary code. The vulnerability arises from insufficient validation during Publisher’s processing of Publisher doc...
CVE-2006-6561
CVE-2006-6561 is a memory‑corruption vulnerability in Microsoft Word 2000, Word 2002, and Word Viewer 2003 triggered by a crafted DOC file, enabling remote code execution. The issue is demonstrated via the 12122006-djtest.doc file and is related to other Word memory‑corruption CVEs (e.g., CVE-200...
CVE-2007-0030
CVE-2007-0030 is the Excel Malformed Column Record Vulnerability. A memory corruption flaw occurs when parsing the BIFF8 Column field, allowing a remote attacker to execute arbitrary code by convincing a user to open a crafted Excel file. Affected products include Microsoft Excel 2000 SP3, 2002 S...
CVE-2007-0031
CVE-2007-0031 affects Microsoft Excel: heap-based buffer overflow in BIFF8 PALETTE records can allow a user-assisted remote attacker to execute arbitrary code. Vulnerable products include Excel 2000 SP3, 2002 SP3, 2003 SP2, and Mac versions (2004 for Mac, v.X for Mac). The flaw is triggered by op...
CVE-2007-1201
CVE-2007-1201 is a remote code execution vulnerability in Microsoft Office Web Components 2000 related to the DataSource handling that can trigger memory corruption. Multiple sources describe the DataSource Vulnerability as allowing an attacker to execute arbitrary code in the user’s context by v...
CVE-2008-0118
CVE-2008-0118 is a remote code execution memory corruption vulnerability in Microsoft Office (Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 SP3, and Office 2004 for Mac). It is triggered when a user opens a specially crafted Office document, causing memory corruption via an allocation erro...
CVE-2006-3864
CVE-2006-3864 is a remote code execution vulnerability in Microsoft Office/PowerPoint components due to a malformed record in Office files (DOC/PPT/XLS) that triggers memory corruption in mso.dll. A remote, user-assisted attacker who persuades a user to open a crafted document can execute arbitra...
CVE-2007-0035
CVE-2007-0035 is the Word Array Overflow vulnerability in Microsoft Word/Word Viewer across Office 2000 SP3, XP SP3, 2003 SP2, Word 2004 for Mac, and Works Suite 2004–2006. The issue arises from improper handling of data in a certain array, enabling user-assisted remote code execution when a craf...
CVE-2009-1533
Buffer overflow in the Microsoft Works File Converter (part of Office/Works Converters) when processing Works (.wps) files can lead to remote code execution. Affected products/versions include Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9. Root ca...
CVE-2006-1311
CVE-2006-1311 is a remote code execution vulnerability in Microsoft RichEdit. The RichEdit components in Windows 2000 SP4, XP SP2, 2003 SP1 and Office suites (2000 SP3, XP SP3, 2003 SP2) plus Office for Mac 2004 and Learning Essentials are affected. The flaw arises from insufficient validation wh...
CVE-2006-3435
CVE-2006-3435 affects Microsoft PowerPoint across Office releases (PowerPoint in Office 2000, XP, 2003, 2004 for Mac, and PowerPoint for Mac v.X). The issue arises from improper parsing of the slide notes field, leading to a remote code-execution condition via crafted data that triggers an errone...
CVE-2006-3650
CVE-2006-3650 is a remote code execution vulnerability in Microsoft Office (2000 SP3, XP SP3, 2003 SP1/SP2, and Mac variants Office 2004 for Mac and Office v.X for Mac) triggered by parsing a malformed chart record in Word documents. The flaw corrupts pointers during processing of malformed chart...
CVE-2006-3876
CVE-2006-3876 is a Microsoft PowerPoint vulnerability: malformed Data records in PPT files allow a user‑shaping attacker to execute arbitrary code. Affected are PowerPoint alongside Office suites (Office 2000/2002/2003/2004 for Mac, Office v.X for Mac). The flaw is described as a memory corruptio...
CVE-2007-0029
CVE-2007-0029 is the Excel Malformed String Vulnerability affecting Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and Excel 2004/Mac (and Excel v.X for Mac). The issue allows user-assisted remote attackers to achieve arbitrary code execution by parsing a malformed string in Excel files. Microsoft...
CVE-2007-0215
CVE-2007-0215 is a stack-based buffer overflow in Microsoft Excel that occurs while processing a Named Graph record in .XLS BIFF files. The vulnerability affects Excel 2000 SP3, 2002 SP3, 2003 SP2, and Excel 2003 Viewer, and is exploitable via a crafted Excel file opened by a user, leading to mem...
CVE-2002-0619
The CVE-2002-0619 entry concerns Microsoft Word 2002 for Windows, where the Mail Merge Tool—when Microsoft Access is installed—allows remote attackers to run VBA scripts embedded in an HTML mail-merge document. This is identified as a variant of MS00-071 (CVE-2000-0788). Affected component: Word’...
CVE-2006-0009
CVE-2006-0009 is the Office routing slip remote code execution vulnerability. A buffer/memory corruption occurs when parsing a routing slip in an Office document, potentially allowing arbitrary code execution. Affected products include Microsoft Office 2000 SP3, Office XP SP3, and related PowerPo...
CVE-2007-3890
CVE-2007-3890 is a remote code execution vulnerability in Microsoft Excel across Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac. The root cause is improper validation of the Workspace index value used in an Excel file’s workspace (rtWnDesk records), leading to memory cor...
CVE-2008-0103
CVE-2008-0103 is a Microsoft Office remote-code-execution vulnerability caused by a memory handling error when opening specially crafted documents containing malformed objects. Affected products include Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac. Successful exploitat...
CVE-2008-0109
CVE-2008-0109 affects Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Word Viewer 2003. The root cause is a memory corruption in parsing certain fields in the File Information Block (FIB) of Word documents, triggered by crafted content, enabling remote code execution. Impact is fu...