30 matches found
CVE-2020-0760
CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...
CVE-2009-2528
CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...
CVE-2009-2500
This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2009-3126
CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...
CVE-2019-1264
Summary (CVE-2019-1264) : A security feature bypass in Microsoft Office arises from improper handling of input within Office components. Connected sources confirm this as a Microsoft Office input-handling vulnerability that can allow an attacker to execute arbitrary commands when a user opens a s...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2020-1322
Microsoft Project information disclosure vulnerability (CVE-2020-1322) stems from an uninitialized variable causing out-of-bounds memory reads. Affected products seen in connected docs include Project 2013 and Project 2016. Microsoft released security updates on June 9, 2020 (KB4484369 for Projec...
CVE-2009-2504
CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...
CVE-2009-2503
CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2008-4254
CVE-2008-4254 describes a remote code execution vulnerability in the Microsoft Visual Basic 6.0 Runtime Extended Files Hierarchical FlexGrid ActiveX control (mshflxgd.ocx). The issue arises from multiple integer overflows in the Hierarchical FlexGrid control when manipulating the Rows/Cols proper...
CVE-2018-8575
CVE-2018-8575 is a remote code execution vulnerability in Microsoft Project family products (Microsoft Project, Office 365 ProPlus, Microsoft Project Server) arising when the program fails to properly handle objects in memory. The open-source and vulnerability feeds in the connected documents cor...
CVE-2005-2127
CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...
CVE-2004-0848
CVE-2004-0848 corresponds to a buffer overflow in Microsoft Office XP that can allow remote code execution via specially crafted HTML links referencing URL file locations. Connected advisories detail that the overflow occurs in the Office process handling URL file references, enabling arbitrary c...
CVE-2008-4255
MODE_C: CVE-2008-4255 maps to a heap-based buffer overflow in MS MSCOMCT2.OCX (Visual Basic 6.0 ActiveX control) used by VB6 runtimes, Visual FoxPro, and Office Project components. The flaw occurs when parsing a malformed AVI stream, leading to memory corruption and remote code execution. Affecte...
CVE-2008-4256
The CVE-2008-4256 entry maps to the Charts ActiveX Control memory corruption vulnerability in Microsoft Visual Basic 6.0 runtime components (notably Mschart20.ocx) and related VB/FoxPro runtimes. The root cause is improper error handling when accessing incorrectly initialized objects, enabling re...
CVE-1999-0384
The CVE concerns the Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0). The issue arises because this control can read text from a user’s clipboard when a user accesses documents containing ActiveX content. Impact is limited to disclosure of clipboard data as described i...
CVE-2003-0347
Vulnerability CVE-2003-0347 affects Microsoft Visual Basic for Applications (VBA) 5.0–6.3 via heap-based overflow in VBE.DLL and VBE6.DLL. An attacker could supply a document with a long ID parameter to cause remote code execution. Impact is remote compromise with user privileges; affected compon...
CVE-2008-4252
CVE-2008-4252, -4253, -4254, -4255, -4256 describe memory corruption vulnerabilities in Visual Basic 6.0 ActiveX Controls (DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI Parsing, Charts, Masked Edit). Exploitation vector involves remote code execution by delivering a crafted web pa...
CVE-2006-3864
CVE-2006-3864 is a remote code execution vulnerability in Microsoft Office/PowerPoint components due to a malformed record in Office files (DOC/PPT/XLS) that triggers memory corruption in mso.dll. A remote, user-assisted attacker who persuades a user to open a crafted document can execute arbitra...
CVE-2008-4253
CVE-2008-4253 is a remote code execution vulnerability in the FlexGrid ActiveX control used by Visual Basic 6.0, Visual FoxPro 8.0 SP1/9.0 SP1/SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3. The issue arises when the ActiveX control handles errors during access to improperly initiali...
CVE-2000-0419
The Office 2000 UA ActiveX control is described as wrongly marked “safe for scripting.” This vulnerability allows an intruder to script interactions through the control’s Show Me feature, potentially disabling macro warnings and enabling arbitrary actions within Office applications (e.g., launchi...
CVE-2008-1088
CVE-2008-1088 corresponds to a memory validation vulnerability in Microsoft Project that could allow remote code execution when opening specially crafted Project files. Affected products include Microsoft Project 2000 Service Release 1, 2002 Service Pack 1, and 2003 Service Pack 2. The underlying...
CVE-2002-0727
The CVE-2002-0727 entry concerns Microsoft Office Web Components (OWC) 2000 and 2002. The Host function is exposed in components marked as safe for scripting, enabling a remote attacker to execute arbitrary commands through the setTimeout method. This defines the vulnerable component/function and...
CVE-2002-0860
The CVE-2002-0860 vulnerability affects Microsoft Office Web Components (OWC) 2000 and 2002, where the LoadText method in the spreadsheet component allows a remote attacker using an Internet Explorer URL redirect to read arbitrary local files. Underlying issue: inadequate URL handling in the OWC ...
CVE-2002-0861
CVE-2002-0861 affects Microsoft Office Web Components (OWC) 2000 and 2002. The vulnerability arises from a bypass of the setting “Allow paste operations via script,” allowing a remote attacker to paste via script despite the setting being disabled. The issue is triggered through the (1) Copy meth...