21 matches found
CVE-2012-1856
CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...
CVE-2012-2552
Microsoft SQL Server 2000/2005/2008/2008 R2/2012 Reporting Services suffers a cross-site scripting (XSS) vulnerability in the SQL Server Report Manager, allowing an attacker to inject web script or HTML via an unspecified parameter (reflected XSS). The issue is identified as CVE-2012-2552. Public...
CVE-2011-1280
CVE-2011-1280 is the XML External Entities Resolution vulnerability affecting Microsoft XML Editor components used with InfoPath 2007 SP2/2010, SQL Server 2005 SP3/4, 2008 SP1/2/R2, SSMSE 2005, and Visual Studio 2005 SP1/2008 SP1/2010. Technical detail from connected documents shows that the issu...
CVE-2008-5416
The connected KB/MS advisory confirms CVE-2008-5416 relates to a heap-based memory overwrite flaw in SQL Server via the sp_replwritetovarbin extended stored procedure. It affects multiple SQL Server family products and service packs (SQL Server 2000 SP4/MSDE 2000, SQL Server 2005 SP2, WYukon/Wind...
CVE-2009-2528
CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...
CVE-2009-2500
This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...
CVE-2009-3126
CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...
CVE-2007-5348
The CVE-2007-5348 entry concerns an IMAGE processing vulnerability in Microsoft GDI+ that could enable remote code execution. The connected KB954593 article MS08-052 describes multiple vulnerabilities in GDI+ across Windows and Office components that could be exploited by viewing a specially craf...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2008-3013
CVE-2008-3013 corresponds to a GDI+ GIF parsing vulnerability. The connected KB954593 (MS08-052) describes remote code execution in Windows GDI+ when a user views a specially crafted GIF, affecting multiple Windows versions and Office components. The underlying issue is memory corruption during G...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2008-0106
CVE-2008-0106 describes a buffer overflow in Microsoft SQL Server 2005 SP1/SP2 and SQL Server 2005 Express SP1/SP2 that could allow remote authenticated users to execute arbitrary code via a crafted insert statement. The connected KB article MS08-040 (KB941203) confirms Microsoft released a secur...
CVE-2008-0086
CVE-2008-0086 corresponds to vulnerabilities addressed by MS08-040. The Connected KB (KB941203) states MS08-040 resolves four privately disclosed vulnerabilities in Microsoft SQL Server products, with the more serious one enabling code execution and full system compromise if exploited. The CVE de...
CVE-2008-0107
CVE-2008-0107 is a memory corruption vulnerability in multiple SQL Server lineage components (SQL Server 7.0, SQL Server 2000/2005, MSDE/WYukon) triggered by a crafted on-disk file path supplied via SMB or WebDAV, leading to a heap-based buffer overflow. The flaw permits remote authenticated user...
CVE-2008-3014
CVE-2008-3014 is the GDI+ WMF Buffer Overrun vulnerability. A buffer overflow in gdiplus.dll (GDI+) allows remote code execution when processing a malformed WMF image, affecting multiple Windows and Office components listed in the description (e.g., Internet Explorer 6 SP1 on various Windows vers...
CVE-2009-2504
CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...
CVE-2009-2503
CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...
CVE-2007-4814
CVE-2007-4814 affects the SQL Server Distributed Management Objects (DMO) ActiveX control sqldmo.dll. A buffer overflow in the Start method is triggered by a long argument, enabling remote code execution. Exploitation details are documented in SAINT references, with note that exploits exist for M...
CVE-2008-3015
CVE-2008-3015 (GDI+ BMP Integer Overflow) describes a vulnerability in gdiplus.dll where a BMP BitMapInfoHeader with malformed data can trigger a buffer overflow, enabling remote code execution. Affected products include Office XP SP3, Office 2003 SP2/SP3, Office 2007, Visio 2002 SP2, PowerPoint ...
CVE-2008-3012
CVE-2008-3012 corresponds to an in-GDI+ memory allocation flaw in gdiplus.dll that could allow remote code execution when a specially crafted EMF image is viewed. Connected docs confirm this as MS08-052, addressing vulnerabilities in GDI+ across Windows and Office components (IE6, Windows XP, Ser...
CVE-2008-0085
CVE-2008-0085 describes a memory handling flaw in multiple SQL Server products (SQL Server 7.0, 2000, 2005 and related Desktop Engine variants) where memory pages are not initialized during reallocations, enabling a potential disclosure of sensitive data via memory-page reuse. Connected Microsoft...