Download
| Alert*
oval:org.mitre.oval:def:202
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates C ... oval:org.mitre.oval:def:528 Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a differe ... oval:org.mitre.oval:def:332 Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-645 ... oval:org.mitre.oval:def:746 Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994. oval:org.secpod.oval:def:2666 The host is missing a critical security update according to Microsoft security bulletin, MS08-072. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft Office Word and Microsoft Office Outlook, which allows remote code execution if a user opens a sp ... oval:org.mitre.oval:def:5897 Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachment.doc. oval:org.mitre.oval:def:4 Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, "Memmove Code Execution," a different vulnerability than CVE-200 ... oval:org.mitre.oval:def:973 The application Microsoft Word 2002 is installed. oval:org.secpod.oval:def:16105 Microsoft Word 2002 SP3 is installed oval:org.secpod.oval:def:2038 The host is missing a critical security update according to Microsoft security bulletin, MS10-056. The update is required to fix code execution vulnerabilities. Multiple flaws are present in the Office Word in Microsoft Windows, which fails to handle malformed records in a Word file. Successful expl ... oval:org.secpod.oval:def:2357 The host is missing a critical security update according to Microsoft security bulletin, MS09-024. The update is required to fix remote code execution vulnerability in Microsoft Works Converters. A flaw is present in the Microsoft Works Converters, which fails handle a specially crafted Works file. ... oval:org.secpod.oval:def:2559 The host is missing a critical security update according to Microsoft security bulletin, MS09-027. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Office Word, which fails to handle a specially crafted Word file. Successful exploitation all ... oval:org.secpod.oval:def:2049 The host is missing a critical security update according to Microsoft security bulletin, MS10-079. The update is required to fix remote code execution vulnerabilities. Multiple flaws are present in the Windows Word, which fails to validate Word document. Successful exploitation could allow an attack ... oval:org.secpod.oval:def:2282 The host is missing a critical security update according to Microsoft security bulletin, MS09-010. The update is required to fix memory corruption in WordPad and Office Text Converter. Multiple flaws are present due to which applications fail to process specially crafted Word 6 file, Word 97 documen ... oval:org.secpod.oval:def:2638 The host is missing an important security update according to Microsoft security bulletin, MS09-073. The update is required to fix remote code execution vulnerability. A flaw is present in the text converters in Microsoft WordPad and Microsoft Office, which fails to handle a specially crafted Word 9 ... oval:org.secpod.oval:def:2567 The host is missing an important security update according to Microsoft security bulletin, MS09-068. The update is required to fix remote code execution vulnerability. A flaw is present in the Microsoft Office Word, which fails to open specially crafted Word files. Successful exploitation allows an ... oval:org.secpod.oval:def:2578 The host is missing a critical security update according to Microsoft security bulletin, MS08-042. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft Word, which fails handle a specially crafted Word file. Successful exploitation could allow an attacker ... oval:org.mitre.oval:def:2105 Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers ... oval:org.mitre.oval:def:2685 Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document. oval:org.mitre.oval:def:1236 Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document. oval:org.mitre.oval:def:4234 Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document. oval:org.mitre.oval:def:2415 Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document. oval:org.mitre.oval:def:11472 Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitr ... oval:org.mitre.oval:def:11490 Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word ... oval:org.mitre.oval:def:11612 Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text d ... oval:org.mitre.oval:def:1190 Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information. oval:org.mitre.oval:def:1331 Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information. oval:org.mitre.oval:def:12039 Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, "Word HTML Linked Objects Memory Corruption Vulnerability." oval:org.mitre.oval:def:1737 Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, the "Word Array Overflow Vulnerability." oval:org.mitre.oval:def:1738 Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. oval:org.mitre.oval:def:1860 Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. oval:org.mitre.oval:def:187 Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. oval:org.mitre.oval:def:1879 Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability." oval:org.mitre.oval:def:188 Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document. oval:org.mitre.oval:def:1900 Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary ... oval:org.mitre.oval:def:238 Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vuln ... oval:org.mitre.oval:def:5012 Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error ... oval:org.secpod.oval:def:3092 The host is missing a critical security update according to Microsoft security bulletin, MS08-026. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft Word, which fails handle a specially crafted Word file. Successful exploitation could allow an attacker ... oval:org.mitre.oval:def:5073 Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. oval:org.secpod.oval:def:3186 The host is missing a critical security update according to Microsoft security bulletin, MS08-009. The update is required to fix remote code execution vulnerability. A flaw is present in Windows Word, which fails to handle a specially crafted Word file. Successful exploitation could allow an attacke ... oval:org.mitre.oval:def:51 Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693. oval:org.mitre.oval:def:5494 Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buf ... oval:org.mitre.oval:def:5682 Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Co ... oval:org.mitre.oval:def:5737 Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words ... oval:org.mitre.oval:def:578 Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo. oval:org.mitre.oval:def:5799 Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that ... oval:org.mitre.oval:def:5807 Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execu ... oval:org.mitre.oval:def:5934 Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Co ... oval:org.mitre.oval:def:5952 Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allo ... oval:org.mitre.oval:def:5982 Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code vi ... oval:org.mitre.oval:def:6096 Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allo ... oval:org.mitre.oval:def:6098 Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers t ... oval:org.mitre.oval:def:6133 Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, ... oval:org.mitre.oval:def:6292 Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3 or Office 2007 SP1 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerabil ... oval:org.mitre.oval:def:6334 Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute ... oval:org.mitre.oval:def:6555 Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information ... oval:org.mitre.oval:def:6695 Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability." oval:org.mitre.oval:def:6792 Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability." oval:org.mitre.oval:def:6974 Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability." oval:org.mitre.oval:def:700 Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. oval:org.mitre.oval:def:7010 Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability." oval:org.mitre.oval:def:7019 Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability." oval:org.mitre.oval:def:7032 Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, "Word Parsing Vulnerability." oval:org.mitre.oval:def:7121 Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability." oval:org.mitre.oval:def:7322 Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote at ... oval:org.mitre.oval:def:7375 Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability." oval:org.mitre.oval:def:7529 Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability." oval:org.mitre.oval:def:7582 Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability." oval:org.mitre.oval:def:5846 Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in ... |