Summary
Detail | | | |
---|---|---|---|
Vendor | Microsoft | First view | 2003-10-20 |
Product | Office | Last view | 2023-10-10 |
Version | xp | Type | Application |
Update | sp1 | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:microsoft:office | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
7 | 2023-10-10 | CVE-2023-36565 | Microsoft Office Graphics Elevation of Privilege Vulnerability |
9.6 | 2021-12-15 | CVE-2021-43905 | Microsoft Office app Remote Code Execution Vulnerability |
9.3 | 2006-10-10 | CVE-2006-3435 | PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694. |
9.3 | 2006-09-27 | CVE-2006-4694 | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow. |
5.1 | 2006-07-10 | CVE-2006-3493 | Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees. |
9.3 | 2006-03-30 | CVE-2006-1540 | MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string. |
7.5 | 2005-08-19 | CVE-2005-2127 | Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability." |
7.5 | 2005-02-08 | CVE-2004-0848 | Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00" (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. |
10 | 2003-10-20 | CVE-2003-0347 | Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
75% (3) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
SAINT Exploits
Description | Link |
---|---|
Microsoft PowerPoint NamedShows record code execution | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
30820 | Microsoft Word mso.dll / mso9.dll LsCreateLine Function DoS |
29446 | Microsoft PowerPoint Crafted PPT Object Pointer Code Execution |
29259 | Microsoft PowerPoint PPT Unspecified Arbitrary Code Execution |
27150 | Microsoft Office MSO.DLL String Processing Overflow |
24595 | Microsoft Office Malformed BIFF Record Multiple File Format Processing DoS |
19093 | Microsoft Design Tools msdds.dll COM Object Arbitrary Code Execution |
13594 | Microsoft Office XP URL Overflow |
12652 | Microsoft Visual Basic for Applications (VBA) VBE.DLL and VBE6.DLL Long ID Ov... |
2692 | Microsoft Windows Design Tools MDT2DD.DLL COM Object Memory Corruption Comman... |
Snort® IPS/IDS
Date | Description | RuleID | Type | Revision |
---|---|---|---|---|
2014-01-10 | Microsoft Office Word information string overflow attempt | 7203 | FILE-OFFICE | 18 |
2014-01-10 | Microsoft Office Word document summary information string overflow attempt | 7202 | FILE-OFFICE | 16 |
2014-01-10 | Microsoft Office Word summary information null string overflow attempt | 7201 | FILE-OFFICE | 11 |
2014-01-10 | Microsoft Office Word document summary information null string overflow attempt | 7200 | FILE-OFFICE | 11 |
2014-01-10 | Microsoft Office Excel MSO.DLL malformed string parsing multi byte buffer ove... | 7198 | FILE-OFFICE | 10 |
2014-01-10 | Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer ov... | 7197 | FILE-OFFICE | 17 |
2014-01-10 | Microsoft Internet Explorer WMI ASDI Extension ActiveX object access | 4236 | BROWSER-PLUGINS | 16 |
2014-01-10 | Microsoft Internet Explorer Helper Object for Java ActiveX object access | 4235 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer MSVTDGridCtrl7 ActiveX object access | 4234 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer Visual Database Tools Query Designer v7.0 ActiveX... | 4233 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer SysTray Invoker ActiveX object access | 4232 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer SysTray ActiveX object access | 4231 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer Search Assistant UI ActiveX object access | 4230 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer MSAPP Export Support for Office Access ActiveX ob... | 4229 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Windows Start Menu ActiveX object access | 4228 | BROWSER-PLUGINS | 14 |
2014-01-10 | Microsoft Internet Explorer Network Connections ActiveX object access | 4227 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer DocHost User Interface Handler ActiveX object access | 4226 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer Repository ActiveX object access | 4225 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer VideoPort ActiveX object access | 4224 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer OpenCable Class ActiveX object access | 4223 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer Outllib.dll ActiveX object access | 4222 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Internet Explorer ProxyStub Dispatch ActiveX object access | 4221 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Windows Network and Dial-Up Connections ActiveX object access | 4220 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Windows Network Connections Tray ActiveX object access | 4219 | BROWSER-PLUGINS | 15 |
2014-01-10 | Microsoft Windows Visual Basic WebClass ActiveX object access | 4218 | BROWSER-PLUGINS | 15 |
Nessus® Vulnerability Scanner
Date | Name | File | Type |
---|---|---|---|
2006-10-11 | An application installed on the remote Mac OS X host is affected by multiple ... | macosx_ms_office_oct2006.nasl | ACT_GATHER_INFO |
2006-10-10 | Arbitrary code can be executed on the remote host through Microsoft PowerPoint. | smb_nt_ms06-058.nasl | ACT_GATHER_INFO |
2006-07-11 | An application installed on the remote Mac OS X host is affected by multiple ... | macosx_ms_06-037.nasl | ACT_GATHER_INFO |
2006-07-11 | Arbitrary code can be executed on the remote host through Microsoft Office. | smb_nt_ms06-038.nasl | ACT_GATHER_INFO |
2005-10-11 | Arbitrary code can be executed on the remote host through the web client. | smb_nt_ms05-052.nasl | ACT_GATHER_INFO |
2005-02-09 | Arbitrary code can be executed on the remote host through the Office client. | smb_nt_ms05-005.nasl | ACT_GATHER_INFO |
2003-09-04 | Arbitrary code can be executed on the remote host through VBA. | smb_nt_ms03-037.nasl | ACT_GATHER_INFO |