Download
| Alert*
oval:org.mitre.oval:def:21
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. oval:org.mitre.oval:def:163 Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed. oval:org.mitre.oval:def:4022 Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "\\\%00 (null byte) in .doc filenames or (2) "\\\%0a" (carriage return) in .rtf filenames. oval:org.secpod.oval:def:1377 The host is missing a critical security update according to Microsoft security bulletin, MS10-087. The update is required to fix multiple remote code execution vulnerabilities. Flaws are in Microsoft Office, which fails to validate crafted RTF data, msofbtSp records and unspecified flags. Successful ... oval:org.secpod.oval:def:3300 The host is missing a critical security update according to Microsoft security bulletin, MS11-023. The update is required to fix remote code execution vulnerability. A flaw is present in the application which does not properly handle loading of DLL files. Successful exploitation allows attackers to ... oval:org.secpod.oval:def:1522 The host is missing a critical security update according to Microsoft security bulletin, MS10-031. The update is required to fix remote code execution vulnerability. A flaw is present in the Microsoft Visual Basic for Applications, which fails to search for ActiveX Controls embedded in documents. Su ... oval:org.secpod.oval:def:1217 The host is missing an important security update according to Microsoft security bulletin, MS10-105. The update is required to fix denial of service vulnerability. Multiple flaws are caused due to errors in processing CGM, PICT, TIFF, FlashPix image files. Successful exploitation could allows an att ... oval:org.secpod.oval:def:3187 The host is missing a critical security update according to Microsoft security bulletin, MS10-036. The update is required to fix remote code execution vulnerability. A flaw is present in the Microsoft Office, which fails to validate COM objects to be instantiated. Successful exploitation allows an a ... oval:org.secpod.oval:def:1566 The host is missing a critical security update according to Microsoft security bulletin, MS10-003. The update is required to fix buffer overflow vulnerability. A flaw is present in the MSO.dll in Office XP, which fails to validate crafted Office document. Successful exploitation could allow an attac ... oval:org.mitre.oval:def:8399 Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow." oval:org.secpod.oval:def:3301 The host is missing a critical security update according to Microsoft security bulletin, MS08-055. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft Office, which fails handle a specially crafted OneNote URL. Successful exploitation could allow an atta ... oval:org.secpod.oval:def:3295 The host is missing a critical security update according to Microsoft security bulletin, MS08-017. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft Office Web Components, which fails to handle a specially crafted Web page. Successful exploitation coul ... oval:org.mitre.oval:def:12289 The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document. oval:org.mitre.oval:def:12150 The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, "FlashPix Image Converter Heap Corrup ... oval:org.secpod.oval:def:2576 The host is missing a critical security update according to Microsoft security bulletin, MS08-013. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft Office, which fails to handle a specially crafted Microsoft Office file. Successful exploitation could ... oval:org.mitre.oval:def:6337 The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office ... oval:org.mitre.oval:def:12387 Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability." oval:org.mitre.oval:def:5645 Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 ... oval:org.mitre.oval:def:6326 Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web C ... oval:org.secpod.oval:def:16104 Microsoft Office XP Service Pack 3 is installed oval:org.mitre.oval:def:5868 Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability." oval:org.mitre.oval:def:11947 Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, "MSO Large SPID Read AV Vulnerability." oval:org.mitre.oval:def:11827 Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, "TIFF Image Converter Heap Overflow Vulnerability." oval:org.secpod.oval:def:2649 The host is missing a moderate security update according to Microsoft security bulletin, MS08-056. The update is required to fix information disclosure vulnerability. A flaw is present in Microsoft Office, which fails to handle a specially crafted CDO URL. Successful exploitation could allow an atta ... oval:org.mitre.oval:def:12350 Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document. oval:org.mitre.oval:def:5969 Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download ... oval:org.mitre.oval:def:5327 Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability." oval:org.mitre.oval:def:1553 Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in at ... oval:org.secpod.oval:def:663 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Office XP is prone to remote code execution vulnerability. A flaw is present in GDI+ which does not properly handle integer calculations. Successful exploitation allows attackers to run remote code exe ... oval:org.secpod.oval:def:995 The host is missing a critical security update according to Microsoft security bulletin, MS11-029. The update is required to fix remote code execution vulnerability in Microsoft Windows. A flaw is present in GDI+ which does not properly handle integer calculations. Successful exploitation allows att ... oval:org.secpod.oval:def:2663 The host is missing a critical security update according to Microsoft security bulletin, MS09-062. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Windows GDI+, which fails to validate data within GDI+ when rendering WMF images and improper ... oval:org.mitre.oval:def:6004 Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital I ... oval:org.mitre.oval:def:6122 Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability." oval:org.mitre.oval:def:2706 Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy opera ... oval:org.mitre.oval:def:279 Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, "Microsoft Office Prop ... oval:org.mitre.oval:def:11739 Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, "Drawing Exception Ha ... oval:org.mitre.oval:def:301 Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. oval:org.mitre.oval:def:5881 Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2 ... oval:org.mitre.oval:def:6055 Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 200 ... oval:org.mitre.oval:def:5407 Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulner ... oval:org.mitre.oval:def:11967 Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, "PICT Image Converter Integer Overflow Vulnerability." oval:org.mitre.oval:def:5997 Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a di ... oval:org.mitre.oval:def:11439 Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp ... oval:org.mitre.oval:def:6040 gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQ ... oval:org.mitre.oval:def:5190 Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Offi ... oval:org.mitre.oval:def:12249 Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, "CGM Image Converter Buffer Overrun Vulnerability." oval:org.mitre.oval:def:5986 gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQ ... oval:org.mitre.oval:def:632 Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "a ... oval:org.mitre.oval:def:5970 Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerab ... oval:org.mitre.oval:def:639 MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a c ... oval:org.mitre.oval:def:7074 VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a ... oval:org.mitre.oval:def:1090 The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF ... oval:org.mitre.oval:def:2051 Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption. oval:org.mitre.oval:def:11931 Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, "RTF Stack Buffer Overflow Vul ... oval:org.mitre.oval:def:6019 WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnera ... oval:org.mitre.oval:def:7214 The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenTyp ... oval:org.mitre.oval:def:7286 Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiat ... oval:org.secpod.oval:def:2725 The host is missing a critical security update according to Microsoft security bulletin, MS08-016. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft Office, which fails to handle a malformed Office file. Successful exploitation could allow an att ... oval:org.secpod.oval:def:2040 The host is missing a critical security update according to Microsoft security bulletin, MS10-063. The update is required to fix code execution vulnerability. A flaw is present in the Unicode Script Processor implementation in USP10.DLL in Microsoft Windows, which is due to two array-indexing errors ... oval:org.secpod.oval:def:2660 The host is missing a critical security update according to Microsoft security bulletin, MS09-044. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft Office Filters, which fails to handle a specially crafted image file. Successful exploitation cou ... oval:org.secpod.oval:def:661 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Office XP is prone to remote code execution vulnerability. A flaw is present in the application which does not properly handle loading of DLL files. Successful exploitation allows attackers to run remo ... oval:org.secpod.oval:def:3339 The host is missing a critical security update according to Microsoft security bulletin, MS08-052. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft Windows GDI+, which fails handle a specially crafted image file or browsed a Web site that contai ... oval:org.mitre.oval:def:918 Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, "Microsoft Office Parsing ... oval:org.secpod.oval:def:2374 The host is missing a critical security update according to Microsoft security bulletin, MS09-043. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Office Web Components, which fails to handle a specially crafted Web page. Successful exploit ... |