Lucene search

K

118 matches found

CVE
CVE
added 2003/04/02 5:0 a.m.55 views

CVE-2002-0619

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).

7.5CVSS6.8AI score0.11048EPSS
CVE
CVE
added 2006/09/12 11:7 p.m.55 views

CVE-2006-0001

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.

9.3CVSS7.8AI score0.73182EPSS
CVE
CVE
added 2006/03/14 11:2 p.m.55 views

CVE-2006-0030

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.

5.1CVSS7.2AI score0.5975EPSS
CVE
CVE
added 2008/03/11 11:44 p.m.55 views

CVE-2008-0118

Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Off...

9.3CVSS9.5AI score0.75862EPSS
CVE
CVE
added 2006/03/14 11:2 p.m.54 views

CVE-2006-0031

Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.

5.1CVSS7.6AI score0.56259EPSS
CVE
CVE
added 2007/05/08 10:19 p.m.54 views

CVE-2007-0035

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

9.3CVSS7.1AI score0.5863EPSS
CVE
CVE
added 2008/08/12 11:41 p.m.54 views

CVE-2008-3020

Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."

9.3CVSS7.3AI score0.54114EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.54 views

CVE-2010-3952

The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Co...

9.3CVSS7.7AI score0.61042EPSS
CVE
CVE
added 2006/09/27 7:7 p.m.53 views

CVE-2006-4694

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.P...

9.3CVSS7AI score0.46461EPSS
CVE
CVE
added 2006/12/14 6:28 p.m.53 views

CVE-2006-6561

Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-64...

9.3CVSS7.1AI score0.76277EPSS
CVE
CVE
added 2007/01/09 11:28 p.m.53 views

CVE-2007-0029

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."

9.3CVSS7.6AI score0.55516EPSS
CVE
CVE
added 2007/01/09 11:28 p.m.53 views

CVE-2007-0031

Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.

9.3CVSS7.7AI score0.75533EPSS
CVE
CVE
added 2007/05/09 6:0 p.m.53 views

CVE-2007-0215

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.

7.6CVSS7.6AI score0.60151EPSS
CVE
CVE
added 2010/11/10 3:0 a.m.53 views

CVE-2010-3334

Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp...

9.3CVSS7.6AI score0.65803EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.53 views

CVE-2010-3946

Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."

9.3CVSS7.7AI score0.66914EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.53 views

CVE-2010-3950

The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, ak...

9.3CVSS7.6AI score0.61042EPSS
CVE
CVE
added 2007/01/09 10:28 p.m.52 views

CVE-2007-0027

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.

9.3CVSS7.6AI score0.58051EPSS
CVE
CVE
added 2007/02/13 9:28 p.m.52 views

CVE-2007-0209

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.

9.3CVSS7.5AI score0.53741EPSS
CVE
CVE
added 2007/05/08 11:19 p.m.52 views

CVE-2007-1747

Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.

9.3CVSS7.3AI score0.72194EPSS
CVE
CVE
added 2008/02/13 12:0 a.m.52 views

CVE-2008-0103

Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulne...

9.3CVSS7.6AI score0.55516EPSS
CVE
CVE
added 2009/06/10 6:30 p.m.52 views

CVE-2009-0560

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility ...

9.3CVSS7.5AI score0.6682EPSS
CVE
CVE
added 2010/09/15 7:0 p.m.52 views

CVE-2010-2738

The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenTy...

9.3CVSS7.3AI score0.25677EPSS
CVE
CVE
added 2011/04/13 6:55 p.m.52 views

CVE-2011-0041

Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."

9.3CVSS7.6AI score0.7426EPSS
CVE
CVE
added 2006/07/11 9:5 p.m.51 views

CVE-2006-0007

Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.

9.3CVSS7.3AI score0.59658EPSS
CVE
CVE
added 2008/03/11 11:44 p.m.51 views

CVE-2007-1201

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."

9.3CVSS7.3AI score0.45718EPSS
CVE
CVE
added 2007/08/14 9:17 p.m.51 views

CVE-2007-3890

Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.

9.3CVSS7.4AI score0.58977EPSS
CVE
CVE
added 2006/10/10 10:7 p.m.50 views

CVE-2006-3868

Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.

5.1CVSS7.3AI score0.54494EPSS
CVE
CVE
added 2011/04/13 6:55 p.m.50 views

CVE-2011-0107

Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loadi...

9.3CVSS6.3AI score0.51597EPSS
CVE
CVE
added 2007/01/09 11:28 p.m.49 views

CVE-2007-0030

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.

9.3CVSS7.4AI score0.5863EPSS
CVE
CVE
added 2007/01/09 11:28 p.m.49 views

CVE-2007-0033

Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.

9.3CVSS7.4AI score0.59958EPSS
CVE
CVE
added 2008/02/12 11:0 p.m.49 views

CVE-2008-0109

Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.

9.3CVSS7.3AI score0.5578EPSS
CVE
CVE
added 2008/03/11 11:44 p.m.49 views

CVE-2008-0117

Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."

9.3CVSS9.6AI score0.7417EPSS
CVE
CVE
added 2008/08/12 11:41 p.m.49 views

CVE-2008-3460

WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulner...

9.3CVSS7.3AI score0.60485EPSS
CVE
CVE
added 2009/06/10 6:30 p.m.49 views

CVE-2009-1134

Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "...

9.3CVSS7.4AI score0.61984EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.48 views

CVE-2002-0616

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."

5.1CVSS7.2AI score0.10819EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.48 views

CVE-2002-1716

The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability.

5CVSS7.1AI score0.17162EPSS
CVE
CVE
added 2007/01/09 11:28 p.m.48 views

CVE-2007-0028

Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an ear...

9.3CVSS7.4AI score
CVE
CVE
added 2007/07/10 10:30 p.m.48 views

CVE-2007-3029

Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.

9.3CVSS7.5AI score0.60754EPSS
CVE
CVE
added 2009/06/10 6:30 p.m.48 views

CVE-2009-0549

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Rec...

9.3CVSS7.5AI score0.59146EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.48 views

CVE-2010-3945

Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."

9.3CVSS7.7AI score0.62128EPSS
CVE
CVE
added 2007/01/09 11:0 p.m.47 views

CVE-2006-1305

Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.

4.3CVSS6.6AI score0.51445EPSS
CVE
CVE
added 2007/02/13 8:28 p.m.47 views

CVE-2006-1311

The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF...

9.3CVSS7.4AI score0.68598EPSS
CVE
CVE
added 2007/07/10 10:30 p.m.47 views

CVE-2007-1756

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".

9.3CVSS7.3AI score0.67687EPSS
CVE
CVE
added 2008/08/13 12:41 a.m.47 views

CVE-2008-1455

A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted li...

6.8CVSS7.4AI score0.63798EPSS
CVE
CVE
added 2008/10/15 12:12 a.m.47 views

CVE-2008-4020

Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download...

4.3CVSS5.4AI score0.31298EPSS
CVE
CVE
added 2006/07/11 9:5 p.m.46 views

CVE-2006-1316

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Pars...

9.3CVSS7.2AI score0.74233EPSS
CVE
CVE
added 2008/08/12 11:41 p.m.46 views

CVE-2008-3021

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a d...

9.3CVSS7.2AI score0.67964EPSS
CVE
CVE
added 2009/06/10 6:30 p.m.46 views

CVE-2009-0559

Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."

9.3CVSS7.9AI score0.60265EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.46 views

CVE-2010-3949

Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability."

9.3CVSS7.8AI score0.62128EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.46 views

CVE-2010-3951

Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability."

9.3CVSS7.7AI score0.62128EPSS
Total number of security vulnerabilities118