19 matches found
CVE-2012-0158
CVE-2012-0158 is a Microsoft/MSCOMCTL.OCX (MS Office) vulnerability that enables remote code execution via a crafted file or document. The initial entry lists vulnerable controls in MSCOMCTL.OCX and notes exploitation in the wild around April 2012 (aka “MSCOMCTL.OCX RCE Vulnerability”). Connected...
CVE-2012-1856
CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...
CVE-2009-2528
CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...
CVE-2009-2500
This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...
CVE-2009-3126
CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2009-2504
CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...
CVE-2009-2503
CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...
CVE-2008-4254
CVE-2008-4254 describes a remote code execution vulnerability in the Microsoft Visual Basic 6.0 Runtime Extended Files Hierarchical FlexGrid ActiveX control (mshflxgd.ocx). The issue arises from multiple integer overflows in the Hierarchical FlexGrid control when manipulating the Rows/Cols proper...
CVE-2008-3704
CVE-2008-3704 corresponds to a heap-based buffer overflow in the MaskedEdit ActiveX control (Msmask32.ocx) that occurs when a long Mask parameter is processed. The defect affects Msmask32.ocx version 6.0.81.69 and possibly earlier versions (up to 6.0.84.18), within Microsoft Visual Studio 6.0, Vi...
CVE-2008-4255
CVE-2008-4255 maps to a heap-based buffer overflow in MS MSCOMCT2.OCX (Visual Basic 6.0 ActiveX control) used by VB6 runtimes, Visual FoxPro, and Office Project components. The flaw occurs when parsing a malformed AVI stream, leading to memory corruption and remote code execution. Affecte...
CVE-2008-4256
The CVE-2008-4256 entry maps to the Charts ActiveX Control memory corruption vulnerability in Microsoft Visual Basic 6.0 runtime components (notably Mschart20.ocx) and related VB/FoxPro runtimes. The root cause is improper error handling when accessing incorrectly initialized objects, enabling re...
CVE-2008-4252
CVE-2008-4252, -4253, -4254, -4255, and -4256 describe memory corruption vulnerabilities in Visual Basic 6.0 ActiveX Controls (DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI Parsing, Charts, Masked Edit). The exploitation vector involves remote code execution by delivering a crafted web pa...
CVE-2008-4253
CVE-2008-4253 is a remote code execution vulnerability in the FlexGrid ActiveX control used by Visual Basic 6.0, Visual FoxPro 8.0 SP1/9.0 SP1/SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3. The issue arises when the ActiveX control handles errors during access to improperly initiali...
CVE-2007-5322
CVE-2007-5322 affects Microsoft Visual FoxPro 6.0 via the FPOLE.OCX 6.0.8450.0 ActiveX control. The vulnerability is an insecure method flaw that lets remote attackers run arbitrary programs by passing a command to the FoxDoCmd function. Public references indicate exploit availability (e.g., Expl...
CVE-2007-4790
CVE-2007-4790 describes remote code execution via a stack-based buffer overflow in two Visual FoxPro ActiveX controls (FPOLE.OCX 6.0.8450.0 and Foxtlib.ocx) used by the FoxPro FPole 1.0 type library, affecting Internet Explorer 5.01, 6 SP1/SP2, and 7. The flaw is triggered by a long first argum...
CVE-2008-0236
CVE-2008-0236 concerns an ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0). The DoCmd method in the Visual FoxPro vfp6r.dll ActiveX control can be exploited to trigger remote command execution by a user visiting a crafted webpage, with the attack operating in the user’s security...
CVE-2002-0696
CVE-2002-0696 affects Microsoft Visual FoxPro 6.0. The issue arises because Visual FoxPro 6.0 does not register its associated files with Internet Explorer, enabling remote attackers to execute Visual FoxPro applications via HTML that references specially crafted filenames. This can allow code ex...