Next Page >>
MS Office
> Gesendet: Mittwoch, 12. Dezember 2007 11:35
> An: bugtraq@securityfocus.com
> Betreff: MS Office 2007: Digital Signature does not protect Meta-Data
>=20
>=20
> Affects: Microsoft Office 2007 (12.0.6015.5000)=20
>=20
> MSO (12.0.6017.5000)=20
>=20
> possibly older versions
>=20
> Gesendet: Mittwoch, 12. Dezember 2007 11:35
> An: bugtraq@securityfocus.com
> Betreff: MS Office 2007: Digital Signature does not protect Meta-Data
>
>
> Affects: Microsoft Office 2007 (12.0.6015.5000)
>
> MSO (12.0.6017.5000)
>
> possibly older versions
>
>> Gesendet: Mittwoch, 12. Dezember 2007 11:35
>> An: bugtraq@securityfocus.com
>> Betreff: MS Office 2007: Digital Signature does not protect Meta-Data
>>
>>
>> Affects: Microsoft Office 2007 (12.0.6015.5000)
>>
>> MSO (12.0.6017.5000)
>>
>> possibly older versions
>>
Gesendet: Mittwoch, 12. Dezember 2007 11:35
An: bugtraq@securityfocus.com
Betreff: MS Office 2007: Digital Signature does not protect Meta-Data
Affects: Microsoft Office 2007 (12.0.6015.5000)
MSO (12.0.6017.5000)
possibly older versions
> Gesendet: Mittwoch, 12. Dezember 2007 11:35
> An: bugtraq@securityfocus.com
> Betreff: MS Office 2007: Digital Signature does not protect Meta-Data
>
>
> Affects: Microsoft Office 2007 (12.0.6015.5000)
>
> MSO (12.0.6017.5000)
>
> possibly older versions
>
Affects: Microsoft Office 2007 (12.0.6015.5000)
MSO (12.0.6017.5000)
possibly older versions
I. Background
Microsoft Office is a suite containing several programs to
handle Office documents like text documents or spreadsheets.
VUPEN Security Research - Microsoft Office Word Document Stack Overflow
Vulnerability (CVE-2010-3214)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 09, 2010
I. BACKGROUND
Microsoft Word is a word processing application from Microsoft Office.
For more information about Microsoft Word, see the following website:
http://office.microsoft.com/en-us/word/default.aspx
Rich-Text Format (RTF) is a document file format developed by Microsoft
for cross-platform document interchange.
======================================================================
Secunia Research 14/12/2010
- Microsoft Office PICT Filter Integer Truncation Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Affects: Microsoft Office 2007 (12.0.6015.5000)
MSO (12.0.6017.5000)
possibly older versions
I. Background
Microsoft Office is a suite containing several programs to
handle Office documents like text documents or spreadsheets.
The latest version uses an XML based document format.
I. BACKGROUND
-----------------------
Microsoft Office Word, included in the Microsoft Office system,
is a powerful authoring program that gives you the ability to
create and share documents by combining a comprehensive set of
writing tools with the easy-to-use Microsoft Office Fluent user
interface.
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 12, 2008
I. BACKGROUND
Microsoft Office contains a number of input filters. These input filters
allow transparent conversion from external types into a form that the
Office applications can use. More information on import filters in
Microsoft Office 2002 is available at the following URL.
http://support.microsoft.com/?scid=kb;en-us;290362
> III. AFFECTED PRODUCTS
> --------------------------------
>
> According to the vendor, the following products are affected:
>
> - Microsoft Office Word 2007 Service Pack 2
> - Microsoft Office Word 2007 Service Pack 1
> - Microsoft Office Word 2002 Service Pack 3
> - Microsoft Office for Mac 2004
> - Microsoft Office for Mac 2008
> - Open XML File Format Converter for Mac
======================================================================
Secunia Research 14/12/2010
- Microsoft Office TIFF Image Converter -
- Endian Conversion Vulnerability -
======================================================================
Table of Contents
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com
Microsoft Office HtmlDlgHelper class memory corruption
1. *Advisory Information*
Title: Microsoft Office HtmlDlgHelper class memory corruption
Advisory Id: CORE-2010-0517
Feb 12, 2008
I. BACKGROUND
Microsoft Works is a word processor created by Microsoft in the 1980s.
Microsoft Office, a widely use productivity suite, is distributed with
converters for various versions of the Works file format.
II. DESCRIPTION
Remote exploitation of a heap corruption vulnerability in Microsoft
======================================================================
Secunia Research 14/12/2010
- Microsoft Office FlashPix Property Set Parsing Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
======================================================================
Secunia Research 09/11/2010
- Microsoft Office Drawing Shape Container Parsing Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
======================================================================
Secunia Research 14/10/2009
- Microsoft Office BMP Image Colour Handling Integer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
======================================================================
Secunia Research 14/12/2010
- Microsoft Office TIFF Image Converter Two Buffer Overflows -
======================================================================
Table of Contents
Affected Software....................................................1
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 12, 2008
I. BACKGROUND
Microsoft Office contains a number of input filters. These input filters
allow transparent conversion from external types into a form that the
Office applications can use. More information on import filters in
Microsoft Office 2002 is available at the following URL.
http://support.microsoft.com/?scid=kb;en-us;290362
======================================================================
Secunia Research 14/12/2010
- Microsoft Office Document Imaging Endian Conversion Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
ZDI-09-056: Microsoft Office OWC10.Spreadsheet ActiveX BorderAround() Heap
Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-056
August 11, 2009
-- CVE ID:
CVE-2009-2496
-- Affected Vendors:
Microsoft
======================================================================
Secunia Research 14/12/2010
- Microsoft Office Two FlashPix Tile Data Buffer Overflows -
======================================================================
Table of Contents
Affected Software....................................................1
Aug 11, 2009
I. BACKGROUND
Office Web Components is a group of ActiveX controls that can be used to
view and edit Microsoft Office files such as spreadsheets and charts. It
is commonly used to allow a user to edit a spreadsheet in the browser.
The controls are installed with a default installation of Microsoft
Office. More information can be found at the vendor's website at the
following address.
VUPEN Security Research - Microsoft Office Excel Record Array Indexing
Vulnerability (CVE-2010-3236)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Excel is a powerful tool you can use to create and
VUPEN Security Research - Microsoft Office Excel Code Execution
Vulnerabilities
http://www.vupen.com/english/research.php
I. BACKGROUND ---------------------
"Microsoft Office Excel is a powerful tool you can use to create and
format spreadsheets, and analyze and share information to make more
Exploitation allows attackers to execute arbitrary code as the user that
converts a specially crafted Works document.
Exploitation might require the installation of additional Microsoft
Office components. When installing Microsoft Office, there are several
installation options for converters. In corporate environments, the
required components are usually set to be installed from the hard drive
on first use. However, one of the installation options causes a request
for the installation media. If this option is used, the media prompt
may help mitigate exploitation.
Microsoft Office Web Components Remote Memory Corruption Vulnerability
2009.July.13
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Microsoft Office Web Components.
Summary:
========
A memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.
Impact:
VUPEN Security Research - Microsoft Office Word Short Sign Memory Corruption
Vulnerability (CVE-2010-3221)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
Next Page>>
|
