18 matches found
CVE-2009-2500
This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...
CVE-2009-2528
CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2009-3126
CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2009-2504
CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...
CVE-2009-2503
CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2005-2127
CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...
CVE-2004-0848
CVE-2004-0848 corresponds to a buffer overflow in Microsoft Office XP that can allow remote code execution via specially crafted HTML links referencing URL file locations. Connected advisories detail that the overflow occurs in the Office process handling URL file references, enabling arbitrary c...
CVE-2003-0347
Vulnerability CVE-2003-0347 affects Microsoft Visual Basic for Applications (VBA) 5.0–6.3 via heap-based overflow in VBE.DLL and VBE6.DLL. An attacker could supply a document with a long ID parameter to cause remote code execution. Impact is remote compromise with user privileges; affected compon...
CVE-2006-3864
CVE-2006-3864 is a remote code execution vulnerability in Microsoft Office/PowerPoint components due to a malformed record in Office files (DOC/PPT/XLS) that triggers memory corruption in mso.dll. A remote, user-assisted attacker who persuades a user to open a crafted document can execute arbitra...
CVE-2008-1088
CVE-2008-1088 corresponds to a memory validation vulnerability in Microsoft Project that could allow remote code execution when opening specially crafted Project files. Affected products include Microsoft Project 2000 Service Release 1, 2002 Service Pack 1, and 2003 Service Pack 2. The underlying...
CVE-2002-0727
The CVE-2002-0727 entry concerns Microsoft Office Web Components (OWC) 2000 and 2002. The Host function is exposed in components marked as safe for scripting, enabling a remote attacker to execute arbitrary commands through the setTimeout method. This defines the vulnerable component/function and...
CVE-2002-0860
The CVE-2002-0860 vulnerability affects Microsoft Office Web Components (OWC) 2000 and 2002, where the LoadText method in the spreadsheet component allows a remote attacker using an Internet Explorer URL redirect to read arbitrary local files. Underlying issue: inadequate URL handling in the OWC ...
CVE-2002-0861
CVE-2002-0861 affects Microsoft Office Web Components (OWC) 2000 and 2002. The vulnerability arises from a bypass of the setting “Allow paste operations via script,” allowing a remote attacker to paste via script despite the setting being disabled. The issue is triggered through the (1) Copy meth...