<< Previous Next >>
MS Office
I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Microsoft Office Word HTML Linked Objects Memory Corruption Vulnerability
CVE-2010-1903 - MS10-056
INTRODUCTION
There exists a vulnerability within the way Word handles html linked objects, which leads
VUPEN Security Research - Microsoft Office Excel Formula Record Heap
Corruption Vulnerability
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
Microsoft Office Web Components Remote Memory Corruption Vulnerability
2009.July.13
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Microsoft Office Web Components.
Summary:
========
A memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.
Impact:
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite
Vulnerability
1. *Advisory Information*
VUPEN Security Research - Microsoft Office Excel Record Array Indexing
Vulnerability (CVE-2010-3236)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Excel is a powerful tool you can use to create and
VUPEN Security Research - Microsoft Office Word Short Sign Memory Corruption
Vulnerability (CVE-2010-3221)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
VUPEN Security Research - Microsoft Office Excel Code Execution
Vulnerabilities
http://www.vupen.com/english/research.php
I. BACKGROUND ---------------------
"Microsoft Office Excel is a powerful tool you can use to create and
format spreadsheets, and analyze and share information to make more
ZDI-09-055: Microsoft Office OWC10 ActiveX Control Loading and Unloading
Heap Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-055
August 11, 2009
-- CVE ID:
CVE-2009-0562
-- Affected Vendors:
Microsoft
which allows local users to gain privileges via a Trojan horse shared
library in the current working directory (CVE-2010-3689).
Heap-based buffer overflow in Impress allows remote attackers to cause
a denial of service (application crash) or possibly execute arbitrary
code via a crafted PNG file in an ODF or Microsoft Office document,
as demonstrated by a PowerPoint (aka PPT) document (CVE-2010-4253).
Heap-based buffer overflow in Impress allows remote attackers to cause
a denial of service (application crash) or possibly execute arbitrary
code via a crafted TGA file in an ODF or Microsoft Office document
VUPEN Security Research - Microsoft Office Excel Formula Record Buffer
Overflow Vulnerability (CVE-2010-3231)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Excel is a powerful tool you can use to create and
VUPEN Security Research - Microsoft Office Excel Negative Future Function
Vulnerability (CVE-2010-3238)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Excel is a powerful tool you can use to create and
VUPEN Security Research - Microsoft Office Word LVL Structure Heap Overflow
Vulnerability (CVE-2010-3220)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
VUPEN Security Research - Microsoft Office Word Return Value Handling
Vulnerability (CVE-2010-3215)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-023
August 14, 2007
-- CVE ID:
CVE-2008-1091
-- Affected Vendors:
Microsoft
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 10, 2010
I. BACKGROUND
Microsoft Word is a word processing application from Microsoft Office.
For more information about Microsoft Word, see the following website:
http://office.microsoft.com/en-us/word/default.aspx
Rich-Text Format (RTF) is a document file format developed by Microsoft
for cross-platform document interchange.
> Microsoft Security Bulletin MS11-071, "Vulnerability in Windows Components
> Could Allow Remote Code Execution," provides support for vulnerable
> components of Microsoft Windows that are affected by the Insecure Library
> Loading class of vulnerabilities described in this advisory.
>
> Microsoft Security Bulletin MS11-073, "Vulnerabilities in Microsoft Office
> Could Allow Remote Code Execution," provides support for vulnerable
> components of Microsoft Office that are affected by the Insecure Library
> Loading class of vulnerabilities described in this advisory.
In addition, this looks like it could be ripe for abuse (if it is true):
ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap
Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-084
December 9, 2008
-- CVE ID:
CVE-2008-4027
-- Affected Vendors:
Microsoft
VUPEN Security Research - Microsoft Office Word Bookmarks Invalid Pointer
Vulnerability (CVE-2010-3216)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
VUPEN Security Research - Microsoft Office Excel Out-of-Bounds Memory Write
Vulnerability (CVE-2010-3241)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Excel is a powerful tool you can use to create and
VUPEN Security Research - Microsoft Office Word Document Array Indexing
Vulnerability (CVE-2010-2750)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
VUPEN Security Research - Microsoft Office Word Uninitialized Pointer
Vulnerability (CVE-2010-2747)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
VUPEN Security Research - Microsoft Office Excel Ghost Record Type Parsing
Vulnerability (CVE-2010-3242)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Excel is a powerful tool you can use to create and
ZDI-09-054: Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject()
Heap Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-054
August 11, 2009
-- CVE ID:
CVE-2009-1136
-- Affected Vendors:
Microsoft
VUPEN Security Research - Microsoft Office Excel RealTimeData Array Indexing
Vulnerability (CVE-2010-3240)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Excel is a powerful tool you can use to create and
VUPEN Security Research - Microsoft Office Word Document Buffer Overflow
Vulnerability (CVE-2010-2748)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
VUPEN Security Research - Microsoft Office Word Document Heap Overflow
Vulnerability (CVE-2010-3218)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
VUPEN Security Research - Microsoft Office Excel OBJ Stack Overflow
Vulnerability (CVE-2010-0822)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Office Excel is a powerful tool you can use to create and
VUPEN Security Research - Microsoft Office Excel SxView Memory Corruption
Vulnerability (CVE-2010-1245)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Office Excel is a powerful tool you can use to create and
VUPEN Security Research - Microsoft Office Word BKF Objects Array Indexing
Vulnerability (CVE-2010-3219)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
VUPEN Security Research - Microsoft Office Excel ExternName Buffer Overflow
Vulnerability (CVE-2010-1249)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Office Excel is a powerful tool you can use to create and
<<Previous Next>>
|
