31 matches found
CVE-2009-2500
This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2009-2528
CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...
CVE-2009-3126
CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...
CVE-2007-5348
The CVE-2007-5348 entry concerns an IMAGE processing vulnerability in Microsoft GDI+ that could enable remote code execution. The connected KB954593 article MS08-052 describes multiple vulnerabilities in GDI+ across Windows and Office components that could be exploited by viewing a specially craf...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2008-3013
CVE-2008-3013 corresponds to a GDI+ GIF parsing vulnerability. The connected KB954593 (MS08-052) describes remote code execution in Windows GDI+ when a user views a specially crafted GIF, affecting multiple Windows versions and Office components. The underlying issue is memory corruption during G...
CVE-2009-2504
CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...
CVE-2008-3014
CVE-2008-3014 is the GDI+ WMF Buffer Overrun vulnerability. A buffer overflow in gdiplus.dll (GDI+) allows remote code execution when processing a malformed WMF image, affecting multiple Windows and Office components listed in the description (e.g., Internet Explorer 6 SP1 on various Windows vers...
CVE-2008-1089
CVE-2008-1089 (Visio Object Header Vulnerability) affects Microsoft Visio 2002 SP2, 2003 SP2/SP3, and 2007 up to SP1. The flaw stems from improper validation of object header data when opening Visio files, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Explo...
CVE-2009-2503
CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2008-1090
CVE-2008-1090 is a Visio memory validation vulnerability in Microsoft Visio 2002 SP2, 2003 SP2/SP3, and 2007 up to SP1. A remote attacker could exploit memory allocation handling when loading specially crafted .DXF files from disk, leading to remote code execution if a user opens the file. The vu...
CVE-2009-0097
CVE-2009-0097 is a remote-code-execution memory-corruption vulnerability in Microsoft Office Visio when opening Visio files. It is described as a memory-validation/memory-corruption issue in how Visio handles object data during file parsing, allowing an attacker to execute arbitrary code via a cr...
CVE-2009-0096
Summary: CVE-2009-0095, CVE-2009-0096, and CVE-2009-0097 are memory-related vulnerabilities in Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1. The flaws involve validation or memory handling when parsing Visio files, allowing remote code execution if a user opens a specially crafted Visi...
CVE-2008-3015
CVE-2008-3015 (GDI+ BMP Integer Overflow) describes a vulnerability in gdiplus.dll where a BMP BitMapInfoHeader with malformed data can trigger a buffer overflow, enabling remote code execution. Affected products include Office XP SP3, Office 2003 SP2/SP3, Office 2007, Visio 2002 SP2, PowerPoint ...
CVE-2009-0095
Summary: CVE-2009-0095 is a remote code execution vulnerability in Microsoft Office Visio, affecting Visio 2002 SP2, Visio 2003 SP3, and Visio 2007 SP1. It stems from improper validation of object data when opening Visio files, allowing a crafted file to execute arbitrary code on a vulnerable sys...
CVE-2008-3012
CVE-2008-3012 corresponds to an in-GDI+ memory allocation flaw in gdiplus.dll that could allow remote code execution when a specially crafted EMF image is viewed. Connected docs confirm this as MS08-052, addressing vulnerabilities in GDI+ across Windows and Office components (IE6, Windows XP, Ser...
CVE-2005-2127
CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...
CVE-2004-0848
CVE-2004-0848 corresponds to a buffer overflow in Microsoft Office XP that can allow remote code execution via specially crafted HTML links referencing URL file locations. Connected advisories detail that the overflow occurs in the Office process handling URL file references, enabling arbitrary c...
CVE-2003-0347
Vulnerability CVE-2003-0347 affects Microsoft Visual Basic for Applications (VBA) 5.0–6.3 via heap-based overflow in VBE.DLL and VBE6.DLL. An attacker could supply a document with a long ID parameter to cause remote code execution. Impact is remote compromise with user privileges; affected compon...
CVE-2010-1681
CVE-2010-1681 is a buffer overflow in VISIODWG.DLL of Microsoft Office Visio triggered by parsing inserted DXF files. Affects Visio versions using VISIODWG.DLL prior to 10.0.6880.4 (patched in KB979364 / MS10-028); original vulnerable library version cited as 10.0.5006.4. Core Security CoreLabs d...
CVE-2006-3864
CVE-2006-3864 is a remote code execution vulnerability in Microsoft Office/PowerPoint components due to a malformed record in Office files (DOC/PPT/XLS) that triggers memory corruption in mso.dll. A remote, user-assisted attacker who persuades a user to open a crafted document can execute arbitra...
CVE-2007-0936
Visio Document Packaging Vulnerability (CVE-2007-0936) in Microsoft Visio 2002/2003—memory corruption triggered by parsing a packed object in Visio files (.VSD/.VSS/.VST). Allows remote code execution when a crafted Visio file is opened. Affected software includes Visio 2002 (SP2) and Visio 2003 ...
CVE-2010-0254
CVE-2010-0254 is a Visio memory‑corruption vulnerability in Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1/SP2. The flaw arises from improper validation of Visio file attributes, allowing a remote attacker to execute arbitrary code by opening a crafted Visio file. The issue is part of a ...
CVE-2011-0092
Microsoft Visio CVE-2011-0092 affects ORMELEMS.DLL in Visio 2002 SP2, 2003 SP3 and 2007 SP2. A malformed VisioDocument stream in a Visio file can trigger an exception handler that accesses an uninitialized object, causing memory corruption and remote code execution. The vulnerability is triggered...
CVE-2011-0093
CVE-2011-0093 affects ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2, where improper parsing of structures during Visio file opening allows remote code execution. The root cause is memory corruption from processing certain attributes in Visio files, enabling an attacker to run a...
CVE-2010-0256
CVE-2010-0256 is a remote-code-execution vulnerability in Microsoft Office Visio (2002 SP2, 2003 SP3, 2007 SP1/SP2) caused by how Visio computes indexes when handling specially crafted Visio files. The issue is a memory corruption in Visio Index Calculation (VISIOIDX) that could allow an attacker...
CVE-2007-0934
CVE-2007-0934 is a Microsoft Visio memory-corruption/remote code-execution issue in the version-number handling of Visio files (.VSD/.VSS/.VST). A crafted Visio file could be opened by a user to trigger arbitrary code execution. The related CVE-2007-0936 (Visio Document Packaging) covers improper...