Search criteria
69 vulnerabilities found for frontpage by microsoft
FKIE_CVE-2013-3137
Vulnerability from fkie_nvd - Published: 2013-09-11 14:03 - Updated: 2025-04-11 00:51
Severity ?
Summary
Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka "XML Disclosure Vulnerability."
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "908FE73D-71E2-4705-91C9-8307C24A0C28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka \"XML Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft FrontPage 2003 SP3 no analiza apropiadamente DTDs, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de datos XML manipulados en un documento FrontPage, tambien conocida como \"Vulnerabilidad de Revelaci\u00f3n XML \"."
}
],
"id": "CVE-2013-3137",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.077",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3068
Vulnerability from fkie_nvd - Published: 2008-07-07 23:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | access | 2007 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | frontpage | 2003 | |
| microsoft | groove | 2007 | |
| microsoft | infopath | 2003 | |
| microsoft | infopath | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office_communicator | 2007 | |
| microsoft | onenote | 2003 | |
| microsoft | outlook | 2003 | |
| microsoft | outlook | 2007 | |
| microsoft | powerpoint | 2003 | |
| microsoft | powerpoint | 2007 | |
| microsoft | project_professional | 2007 | |
| microsoft | project_standard | 2007 | |
| microsoft | publisher | 2003 | |
| microsoft | publisher | 2007 | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | visio_professional | 2007 | |
| microsoft | visio_standard | 2007 | |
| microsoft | windows_live_mail | 2008 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:access:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4D3093-F17C-4BCF-8F4A-F15057C55F82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:groove:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "355F60DB-EC9A-4054-8023-BD16D5723C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A007966C-7620-4625-AD2B-6A147577EB54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_communicator:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "61116145-828F-479D-9267-76BAB633B23E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "D789259A-034E-40BB-9DFF-76B3104B212F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A947639C-B1D3-4297-B4BB-AD799C979BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project_professional:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "1C58C5D7-B6F0-4C95-A305-ED37629E2A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project_standard:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D468F3-894D-409E-A7CE-EAA5919362E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "190A4DF4-EA93-4E18-BA96-7A7AC48831F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "7E057F77-9197-4BC9-A0A1-A71850F59D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio_professional:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A72192-B10A-4E42-AE68-FE1CB8DA573F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio_standard:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9D837BA2-BAC0-4B72-A1DD-CB4A1CA5A347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_live_mail:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3CA537-AAF9-4356-AE7E-0AC14E5AFADF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
},
{
"lang": "es",
"value": "Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como las usadas en Outlook, Windows Live Mail, y Office 2007, realiza una lista de revocaci\u00f3n de certificado (CRL) utilizando una URL arbitraria de un certificado incluido en (1) mensaje de correo electr\u00f3nico S/MIME o (2) documento firmado, lo que permite a atacantes remotos conseguir tiempos de lectura y direcciones IP de recipientes, y resultados de escaneo de puerto, a trav\u00e9s de \r\nun certificado manipulado con una extensi\u00f3n de de una Authority Information Access (AIA).\r\n"
}
],
"id": "CVE-2008-3068",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-07T23:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3978"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28548"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019736"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019737"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019738"
},
{
"source": "cve@mitre.org",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3109
Vulnerability from fkie_nvd - Published: 2007-06-07 21:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:frontpage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0951E183-2BFE-4B19-9F06-107B5E22DBC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49AD45BF-8A91-4C87-AF15-D38D8468A4C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO."
},
{
"lang": "es",
"value": "El CERN Image Map Dispatcher (htimage.exe) en el Microsoft FrontPage permite a atacantes remotos determinar la existencia y, posibles contenidos parciales, de ficheros de su elecci\u00f3n bajo la ra\u00edz del web a trav\u00e9s un nombre de ruta relativa en el PATH_INFO."
}
],
"id": "CVE-2007-3109",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-07T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/42058"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2784"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470458/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/42058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470458/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-0671
Vulnerability from fkie_nvd - Published: 2007-02-03 01:28 - Updated: 2025-10-22 01:15
Severity ?
Summary
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | access | 2000 | |
| microsoft | access | 2002 | |
| microsoft | access | 2003 | |
| microsoft | excel | 2000 | |
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2004 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | frontpage | 2000 | |
| microsoft | frontpage | 2002 | |
| microsoft | frontpage | 2003 | |
| microsoft | infopath | 2003 | |
| microsoft | office | 2000 | |
| microsoft | office | 2003 | |
| microsoft | office | 2004 | |
| microsoft | office | xp | |
| microsoft | onenote | 2003 | |
| microsoft | outlook | 2000 | |
| microsoft | outlook | 2002 | |
| microsoft | outlook | 2003 | |
| microsoft | powerpoint | 2000 | |
| microsoft | powerpoint | 2002 | |
| microsoft | powerpoint | 2003 | |
| microsoft | powerpoint | 2004 | |
| microsoft | project | 2000 | |
| microsoft | project | 2002 | |
| microsoft | project | 2003 | |
| microsoft | publisher | 2000 | |
| microsoft | publisher | 2002 | |
| microsoft | publisher | 2003 | |
| microsoft | visio | 2002 | |
| microsoft | visio | 2003 | |
| microsoft | word | 2000 | |
| microsoft | word | 2002 | |
| microsoft | word | 2003 | |
| microsoft | word_viewer | 2003 |
{
"cisaActionDue": "2025-09-02",
"cisaExploitAdd": "2025-08-12",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Office Excel Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "90D7BA07-3BCA-41CF-B5D3-341E912650A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "83DFFFF4-EA09-48C5-A600-A62C1A1A7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4AE5AF-C83E-4802-B75C-0058742A4997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "F55D42D5-7371-47C2-BF55-B7F51C19B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "CE1A1218-8033-4F3C-B8D7-7D1D61A273E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C6629C-BF53-49A1-B32C-A828CA0A0500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
"matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "3E392539-ABF6-4B5C-AEC3-C54B51E0DB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "794FCFBF-2D55-4ECE-825E-180616DB35FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*",
"matchCriteriaId": "6F0EF69E-52BA-4D7C-B470-CB4A92DA7EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "95648599-D3B3-4043-821C-D385FB7A77CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBFF713-0884-43BF-9AB8-777664FD64AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de vectores de ataque desconocidos, como es demostrado por el archivo Exploit-MSExcel.h en ataques de d\u00eda cero dirigidos."
}
],
"id": "CVE-2007-0671",
"lastModified": "2025-10-22T01:15:32.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2007-02-03T01:28:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/31901"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24008"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1017584"
},
{
"source": "secure@microsoft.com",
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"source": "secure@microsoft.com",
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/22383"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/31901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-0671"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3877
Vulnerability from fkie_nvd - Published: 2006-10-10 22:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | access | 2000 | |
| microsoft | access | 2002 | |
| microsoft | access | 2003 | |
| microsoft | excel | 2000 | |
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | frontpage | 2000 | |
| microsoft | frontpage | 2002 | |
| microsoft | frontpage | 2003 | |
| microsoft | infopath | 2003 | |
| microsoft | office | 2000 | |
| microsoft | office | 2003 | |
| microsoft | office | 2004 | |
| microsoft | office | xp | |
| microsoft | onenote | 2003 | |
| microsoft | outlook | 2000 | |
| microsoft | outlook | 2002 | |
| microsoft | outlook | 2003 | |
| microsoft | powerpoint | 2000 | |
| microsoft | powerpoint | 2002 | |
| microsoft | powerpoint | 2003 | |
| microsoft | powerpoint | 2004 | |
| microsoft | project | 2000 | |
| microsoft | project | 2002 | |
| microsoft | project | 2003 | |
| microsoft | publisher | 2000 | |
| microsoft | publisher | 2002 | |
| microsoft | publisher | 2003 | |
| microsoft | visio | 2002 | |
| microsoft | visio | 2003 | |
| microsoft | word | 2000 | |
| microsoft | word | 2002 | |
| microsoft | word | 2003 | |
| microsoft | word_viewer | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "90D7BA07-3BCA-41CF-B5D3-341E912650A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "83DFFFF4-EA09-48C5-A600-A62C1A1A7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4AE5AF-C83E-4802-B75C-0058742A4997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "F55D42D5-7371-47C2-BF55-B7F51C19B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C6629C-BF53-49A1-B32C-A828CA0A0500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
"matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "3E392539-ABF6-4B5C-AEC3-C54B51E0DB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "794FCFBF-2D55-4ECE-825E-180616DB35FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*",
"matchCriteriaId": "6F0EF69E-52BA-4D7C-B470-CB4A92DA7EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "95648599-D3B3-4043-821C-D385FB7A77CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBFF713-0884-43BF-9AB8-777664FD64AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un \"fichero artesanal\" no especificado, una vulnerabilidad diferente que CVE-2006-3435, CVE-2006-4694, y CVE-2006-3876."
}
],
"id": "CVE-2006-3877",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-10-10T22:07:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1017030"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/29448"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/20325"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-2143
Vulnerability from fkie_nvd - Published: 2005-07-05 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://securitytracker.com/id?1014352 | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.freewebs.com/xxosfilexx/HungFPage.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1014352 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.freewebs.com/xxosfilexx/HungFPage.html | Exploit |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:frontpage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0951E183-2BFE-4B19-9F06-107B5E22DBC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page."
}
],
"id": "CVE-2005-2143",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014352"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.freewebs.com/xxosfilexx/HungFPage.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.freewebs.com/xxosfilexx/HungFPage.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2179
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:frontpage:97:*:*:*:*:*:*:*",
"matchCriteriaId": "74459B0D-BF34-4F46-BE89-7D720EA520EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:98:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F2F998-5866-4DA7-88CF-7987E971947E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:3.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "731F2F05-A1BB-4BE8-B761-EE04ED6ABBE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values."
}
],
"id": "CVE-2004-2179",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11412"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0573
Vulnerability from fkie_nvd - Published: 2004-09-28 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | frontpage | 2000 | |
| microsoft | frontpage | 2002 | |
| microsoft | frontpage | 2003 | |
| microsoft | office | 2000 | |
| microsoft | office | 2003 | |
| microsoft | office | xp | |
| microsoft | publisher | 2000 | |
| microsoft | publisher | 2002 | |
| microsoft | publisher | 2003 | |
| microsoft | word | 2000 | |
| microsoft | word | 2002 | |
| microsoft | word | 2003 | |
| microsoft | works | 2001 | |
| microsoft | works | 2002 | |
| microsoft | works | 2003 | |
| microsoft | works | 2004 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C6629C-BF53-49A1-B32C-A828CA0A0500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A82D13-513C-46FA-AF51-0582233E230A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7EA4CC-E705-42DB-86B6-E229DA36B66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
"matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "95648599-D3B3-4043-821C-D385FB7A77CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBFF713-0884-43BF-9AB8-777664FD64AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*",
"matchCriteriaId": "B4ADD440-2CF5-4BC9-8C48-91CF8D5500BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "17037BD9-742D-42E2-98CC-C764E6F71957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "0B77363A-53A3-4CFC-87E0-B7D33445ACEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "F98B6FDD-E9AA-49A4-8D9C-422DF5520A66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el convertidor de Microsoft WordPerfect 5.x en Office 2000, Office XP, Offiece 2003 y las suites Works 2001 a 2004 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un documento o un sitio web malicioso."
}
],
"id": "CVE-2004-0573",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-28T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109519646030906\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12529"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011249"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011250"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011251"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011252"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/449438"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-027"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17306"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2670"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3311"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3333"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4005"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109519646030906\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/449438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0200
Vulnerability from fkie_nvd - Published: 2004-09-28 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.0:sp2:sdk:*:*:*:*:*",
"matchCriteriaId": "644D1C0E-482D-4C6D-AE9D-6B1F99306BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:digital_image_pro:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DED35E4C-1108-44AE-BA55-A008EB9864ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:digital_image_pro:9:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC28680-6FA1-424A-BB8D-5E37E04D4089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:digital_image_suite:9:*:*:*:*:*:*:*",
"matchCriteriaId": "370835D5-D28A-4961-B1B4-72E889596D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:greetings:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "69AFBA4D-6F42-4ED9-9DF4-4A9C29B3ED8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7EA4CC-E705-42DB-86B6-E229DA36B66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:picture_it:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D85EB5B-A9FE-497E-9922-6D6BDD0C6975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:picture_it:9:*:*:*:*:*:*:*",
"matchCriteriaId": "A27F0EA6-C023-47C5-8F26-7E8A665533F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:picture_it:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "337555B3-6318-41FE-9AD7-6CEAA46F0DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:producer:*:gold:office_powerpoints:*:*:*:*:*",
"matchCriteriaId": "999276CD-D074-4AB1-A53E-5133A3B7BFF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_basic:2002:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "B3B633A9-519A-4179-9F10-3C2C5C9BA6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_basic:2003:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "D6D51C0E-BFF4-46A0-A8FD-45BE591DA347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_c\\#:2002:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "1A1D8127-80AC-4D5B-9D1C-DA2406EF6666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_c\\#:2003:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "8916C0DE-2759-4F97-B7D7-0BCFDC41AB4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2002:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "F1090984-34A7-4A21-B903-3FF5E5AB7D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2003:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "A0BED5B2-5F57-4FC8-8B51-908A311B480B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_j\\#_.net:2003:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "CC13A32B-5F2A-42A4-95B5-D13EE78F013B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2002:gold:*:*:*:*:*:*",
"matchCriteriaId": "E17BD019-DD35-413E-ACBA-2E77C8A1247D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*",
"matchCriteriaId": "B9E6C132-4F4B-4FB0-9DDC-DD9750D8552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el motor de proceso de JPEG (JPG) en GDIPlus.dll, usado en varios productos de Microsoft, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un campo de longitud JPEG COM peque\u00f1o que es normalizado a una longitud de entero grande antes de una operaci\u00f3n de copia de memoria."
}
],
"id": "CVE-2004-0200",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-09-28T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-3137 (GCVE-0-2013-3137)
Vulnerability from cvelistv5 – Published: 2013-09-11 10:00 – Updated: 2024-08-06 16:00
VLAI?
Summary
Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka "XML Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS13-078",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka \"XML Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS13-078",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka \"XML Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-078",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3137",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-04-17T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3068 (GCVE-0-2008-3068)
Vulnerability from cvelistv5 – Published: 2008-07-07 23:00 – Updated: 2024-08-07 09:21
VLAI?
Summary
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"name": "3978",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3978"
},
{
"name": "20080709 Re: Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"name": "28548",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28548"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"name": "1019736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019736"
},
{
"name": "1019738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"name": "1019737",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"name": "20080703 Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"name": "3978",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3978"
},
{
"name": "20080709 Re: Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"name": "28548",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28548"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"name": "1019736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019736"
},
{
"name": "1019738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"name": "1019737",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"name": "20080703 Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt",
"refsource": "MISC",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"name": "3978",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3978"
},
{
"name": "20080709 Re: Unauthorized reading confirmation from Outlook",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"name": "28548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28548"
},
{
"name": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt",
"refsource": "MISC",
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt",
"refsource": "MISC",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt",
"refsource": "MISC",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"name": "1019736",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019736"
},
{
"name": "1019738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019738"
},
{
"name": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt",
"refsource": "MISC",
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"name": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt",
"refsource": "MISC",
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"name": "1019737",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019737"
},
{
"name": "https://www.cynops.de/techzone/http_over_x509.html",
"refsource": "MISC",
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"name": "20080703 Unauthorized reading confirmation from Outlook",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3068",
"datePublished": "2008-07-07T23:00:00",
"dateReserved": "2008-07-07T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3109 (GCVE-0-2007-3109)
Vulnerability from cvelistv5 – Published: 2007-06-07 21:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070603 CERN \u0026#304;mage Map Dispatcher",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470458/100/0/threaded"
},
{
"name": "42058",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42058"
},
{
"name": "2784",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070603 CERN \u0026#304;mage Map Dispatcher",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470458/100/0/threaded"
},
{
"name": "42058",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42058"
},
{
"name": "2784",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2784"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070603 CERN \u0026#304;mage Map Dispatcher",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470458/100/0/threaded"
},
{
"name": "42058",
"refsource": "OSVDB",
"url": "http://osvdb.org/42058"
},
{
"name": "2784",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2784"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3109",
"datePublished": "2007-06-07T21:00:00",
"dateReserved": "2007-06-07T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0671 (GCVE-0-2007-0671)
Vulnerability from cvelistv5 – Published: 2007-02-03 01:00 – Updated: 2025-10-22 00:05
VLAI?
Summary
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0463",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"name": "oval:org.mitre.oval:def:301",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"name": "31901",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"name": "VU#613740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"name": "1017584",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"name": "24008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24008"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "office-unspecified-code-execution(32178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"name": "22383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22383"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-0671",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T03:55:16.148635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-0671"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T00:05:56.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-0671"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-12T00:00:00+00:00",
"value": "CVE-2007-0671 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2007-0463",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"name": "oval:org.mitre.oval:def:301",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"name": "31901",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"name": "VU#613740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"name": "1017584",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"name": "24008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24008"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "office-unspecified-code-execution(32178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"name": "22383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0463",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"name": "oval:org.mitre.oval:def:301",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"name": "31901",
"refsource": "OSVDB",
"url": "http://osvdb.org/31901"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/932553.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"name": "VU#613740",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"name": "1017584",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017584"
},
{
"name": "http://www.avertlabs.com/research/blog/?p=191",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"name": "24008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24008"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "MS07-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "office-unspecified-code-execution(32178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"name": "http://vil.nai.com/vil/content/v_141393.htm",
"refsource": "MISC",
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"name": "22383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0671",
"datePublished": "2007-02-03T01:00:00.000Z",
"dateReserved": "2007-02-02T00:00:00.000Z",
"dateUpdated": "2025-10-22T00:05:56.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3877 (GCVE-0-2006-3877)
Vulnerability from cvelistv5 – Published: 2006-10-10 22:00 – Updated: 2024-08-07 18:48
VLAI?
Summary
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20325"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#205948",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"name": "oval:org.mitre.oval:def:568",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "ADV-2006-3977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"name": "oval:org.mitre.oval:def:220",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"name": "MS06-058",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"name": "29448",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29448"
},
{
"name": "1017030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20325"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#205948",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"name": "oval:org.mitre.oval:def:568",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "ADV-2006-3977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"name": "oval:org.mitre.oval:def:220",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"name": "MS06-058",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"name": "29448",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29448"
},
{
"name": "1017030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20325"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#205948",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"name": "oval:org.mitre.oval:def:568",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "MS07-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "ADV-2006-3977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"name": "oval:org.mitre.oval:def:220",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"name": "MS06-058",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"name": "29448",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29448"
},
{
"name": "1017030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3877",
"datePublished": "2006-10-10T22:00:00",
"dateReserved": "2006-07-26T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2179 (GCVE-0-2004-2179)
Vulnerability from cvelistv5 – Published: 2005-07-10 04:00 – Updated: 2024-09-16 19:19
VLAI?
Summary
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"name": "11412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-10T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"name": "11412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"name": "11412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2179",
"datePublished": "2005-07-10T04:00:00Z",
"dateReserved": "2005-07-10T04:00:00Z",
"dateUpdated": "2024-09-16T19:19:34.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2143 (GCVE-0-2005-2143)
Vulnerability from cvelistv5 – Published: 2005-07-05 04:00 – Updated: 2024-09-16 19:30
VLAI?
Summary
Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014352",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.freewebs.com/xxosfilexx/HungFPage.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-05T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014352",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.freewebs.com/xxosfilexx/HungFPage.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014352",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014352"
},
{
"name": "http://www.freewebs.com/xxosfilexx/HungFPage.html",
"refsource": "MISC",
"url": "http://www.freewebs.com/xxosfilexx/HungFPage.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2143",
"datePublished": "2005-07-05T04:00:00Z",
"dateReserved": "2005-07-05T00:00:00Z",
"dateUpdated": "2024-09-16T19:30:14.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0573 (GCVE-0-2004-0573)
Vulnerability from cvelistv5 – Published: 2004-09-17 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040914 Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109519646030906\u0026w=2"
},
{
"name": "12529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12529"
},
{
"name": "oval:org.mitre.oval:def:5021",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021"
},
{
"name": "1011251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011251"
},
{
"name": "oval:org.mitre.oval:def:3311",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3311"
},
{
"name": "MS04-027",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-027"
},
{
"name": "wordperfect-converter-message-bo(17306)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17306"
},
{
"name": "oval:org.mitre.oval:def:2670",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2670"
},
{
"name": "oval:org.mitre.oval:def:4005",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4005"
},
{
"name": "1011250",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011250"
},
{
"name": "oval:org.mitre.oval:def:3333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3333"
},
{
"name": "1011249",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011249"
},
{
"name": "VU#449438",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/449438"
},
{
"name": "1011252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040914 Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109519646030906\u0026w=2"
},
{
"name": "12529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12529"
},
{
"name": "oval:org.mitre.oval:def:5021",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021"
},
{
"name": "1011251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011251"
},
{
"name": "oval:org.mitre.oval:def:3311",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3311"
},
{
"name": "MS04-027",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-027"
},
{
"name": "wordperfect-converter-message-bo(17306)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17306"
},
{
"name": "oval:org.mitre.oval:def:2670",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2670"
},
{
"name": "oval:org.mitre.oval:def:4005",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4005"
},
{
"name": "1011250",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011250"
},
{
"name": "oval:org.mitre.oval:def:3333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3333"
},
{
"name": "1011249",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011249"
},
{
"name": "VU#449438",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/449438"
},
{
"name": "1011252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011252"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040914 Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109519646030906\u0026w=2"
},
{
"name": "12529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12529"
},
{
"name": "oval:org.mitre.oval:def:5021",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021"
},
{
"name": "1011251",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011251"
},
{
"name": "oval:org.mitre.oval:def:3311",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3311"
},
{
"name": "MS04-027",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-027"
},
{
"name": "wordperfect-converter-message-bo(17306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17306"
},
{
"name": "oval:org.mitre.oval:def:2670",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2670"
},
{
"name": "oval:org.mitre.oval:def:4005",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4005"
},
{
"name": "1011250",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011250"
},
{
"name": "oval:org.mitre.oval:def:3333",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3333"
},
{
"name": "1011249",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011249"
},
{
"name": "VU#449438",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/449438"
},
{
"name": "1011252",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011252"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0573",
"datePublished": "2004-09-17T04:00:00",
"dateReserved": "2004-06-15T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0200 (GCVE-0-2004-0200)
Vulnerability from cvelistv5 – Published: 2004-09-17 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:3038",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"name": "oval:org.mitre.oval:def:1105",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"name": "VU#297462",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"name": "TA04-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"name": "oval:org.mitre.oval:def:3320",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"name": "oval:org.mitre.oval:def:2706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"name": "oval:org.mitre.oval:def:3082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"name": "MS04-028",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"name": "oval:org.mitre.oval:def:4003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"name": "oval:org.mitre.oval:def:3810",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"name": "oval:org.mitre.oval:def:4216",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"name": "oval:org.mitre.oval:def:4307",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"name": "oval:org.mitre.oval:def:3881",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"name": "win-jpeg-bo(16304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:3038",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"name": "oval:org.mitre.oval:def:1105",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"name": "VU#297462",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"name": "TA04-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"name": "oval:org.mitre.oval:def:3320",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"name": "oval:org.mitre.oval:def:2706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"name": "oval:org.mitre.oval:def:3082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"name": "MS04-028",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"name": "oval:org.mitre.oval:def:4003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"name": "oval:org.mitre.oval:def:3810",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"name": "oval:org.mitre.oval:def:4216",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"name": "oval:org.mitre.oval:def:4307",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"name": "oval:org.mitre.oval:def:3881",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"name": "win-jpeg-bo(16304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:3038",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"name": "oval:org.mitre.oval:def:1105",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"name": "VU#297462",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"name": "TA04-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"name": "oval:org.mitre.oval:def:3320",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"name": "oval:org.mitre.oval:def:2706",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1721",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"name": "oval:org.mitre.oval:def:3082",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"name": "MS04-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"name": "oval:org.mitre.oval:def:4003",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"name": "oval:org.mitre.oval:def:3810",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"name": "oval:org.mitre.oval:def:4216",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"name": "oval:org.mitre.oval:def:4307",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"name": "oval:org.mitre.oval:def:3881",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"name": "win-jpeg-bo(16304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0200",
"datePublished": "2004-09-17T04:00:00",
"dateReserved": "2004-03-11T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1052 (GCVE-0-1999-1052)
Vulnerability from cvelistv5 – Published: 2001-09-12 04:00 – Updated: 2024-08-01 16:55
VLAI?
Summary
Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19990824 Front Page form_results",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93582550911564\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19990824 Front Page form_results",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93582550911564\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990824 Front Page form_results",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=93582550911564\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1052",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1016 (GCVE-0-1999-1016)
Vulnerability from cvelistv5 – Published: 2001-09-12 04:00 – Updated: 2024-08-01 16:55
VLAI?
Summary
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19990827 HTML code to crash IE5 and Outlook Express 5",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=93578772920970\u0026w=2"
},
{
"name": "606",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19990827 HTML code to crash IE5 and Outlook Express 5",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=93578772920970\u0026w=2"
},
{
"name": "606",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/606"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990827 HTML code to crash IE5 and Outlook Express 5",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=93578772920970\u0026w=2"
},
{
"name": "606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/606"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1016",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3137 (GCVE-0-2013-3137)
Vulnerability from nvd – Published: 2013-09-11 10:00 – Updated: 2024-08-06 16:00
VLAI?
Summary
Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka "XML Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS13-078",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka \"XML Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS13-078",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka \"XML Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-078",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3137",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-04-17T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3068 (GCVE-0-2008-3068)
Vulnerability from nvd – Published: 2008-07-07 23:00 – Updated: 2024-08-07 09:21
VLAI?
Summary
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"name": "3978",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3978"
},
{
"name": "20080709 Re: Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"name": "28548",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28548"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"name": "1019736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019736"
},
{
"name": "1019738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"name": "1019737",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"name": "20080703 Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"name": "3978",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3978"
},
{
"name": "20080709 Re: Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"name": "28548",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28548"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"name": "1019736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019736"
},
{
"name": "1019738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"name": "1019737",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"name": "20080703 Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt",
"refsource": "MISC",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"name": "3978",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3978"
},
{
"name": "20080709 Re: Unauthorized reading confirmation from Outlook",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"name": "28548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28548"
},
{
"name": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt",
"refsource": "MISC",
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt",
"refsource": "MISC",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt",
"refsource": "MISC",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"name": "1019736",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019736"
},
{
"name": "1019738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019738"
},
{
"name": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt",
"refsource": "MISC",
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"name": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt",
"refsource": "MISC",
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"name": "1019737",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019737"
},
{
"name": "https://www.cynops.de/techzone/http_over_x509.html",
"refsource": "MISC",
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"name": "20080703 Unauthorized reading confirmation from Outlook",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3068",
"datePublished": "2008-07-07T23:00:00",
"dateReserved": "2008-07-07T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3109 (GCVE-0-2007-3109)
Vulnerability from nvd – Published: 2007-06-07 21:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070603 CERN \u0026#304;mage Map Dispatcher",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470458/100/0/threaded"
},
{
"name": "42058",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42058"
},
{
"name": "2784",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070603 CERN \u0026#304;mage Map Dispatcher",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470458/100/0/threaded"
},
{
"name": "42058",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42058"
},
{
"name": "2784",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2784"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070603 CERN \u0026#304;mage Map Dispatcher",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470458/100/0/threaded"
},
{
"name": "42058",
"refsource": "OSVDB",
"url": "http://osvdb.org/42058"
},
{
"name": "2784",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2784"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3109",
"datePublished": "2007-06-07T21:00:00",
"dateReserved": "2007-06-07T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0671 (GCVE-0-2007-0671)
Vulnerability from nvd – Published: 2007-02-03 01:00 – Updated: 2025-10-22 00:05
VLAI?
Summary
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0463",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"name": "oval:org.mitre.oval:def:301",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"name": "31901",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"name": "VU#613740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"name": "1017584",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"name": "24008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24008"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "office-unspecified-code-execution(32178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"name": "22383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22383"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-0671",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T03:55:16.148635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-0671"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T00:05:56.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-0671"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-12T00:00:00+00:00",
"value": "CVE-2007-0671 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2007-0463",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"name": "oval:org.mitre.oval:def:301",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"name": "31901",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"name": "VU#613740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"name": "1017584",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"name": "24008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24008"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "office-unspecified-code-execution(32178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"name": "22383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0463",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"name": "oval:org.mitre.oval:def:301",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"name": "31901",
"refsource": "OSVDB",
"url": "http://osvdb.org/31901"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/932553.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"name": "VU#613740",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"name": "1017584",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017584"
},
{
"name": "http://www.avertlabs.com/research/blog/?p=191",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"name": "24008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24008"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "MS07-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "office-unspecified-code-execution(32178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"name": "http://vil.nai.com/vil/content/v_141393.htm",
"refsource": "MISC",
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"name": "22383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0671",
"datePublished": "2007-02-03T01:00:00.000Z",
"dateReserved": "2007-02-02T00:00:00.000Z",
"dateUpdated": "2025-10-22T00:05:56.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3877 (GCVE-0-2006-3877)
Vulnerability from nvd – Published: 2006-10-10 22:00 – Updated: 2024-08-07 18:48
VLAI?
Summary
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20325"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#205948",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"name": "oval:org.mitre.oval:def:568",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "ADV-2006-3977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"name": "oval:org.mitre.oval:def:220",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"name": "MS06-058",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"name": "29448",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29448"
},
{
"name": "1017030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20325"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#205948",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"name": "oval:org.mitre.oval:def:568",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "ADV-2006-3977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"name": "oval:org.mitre.oval:def:220",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"name": "MS06-058",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"name": "29448",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29448"
},
{
"name": "1017030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20325"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#205948",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"name": "oval:org.mitre.oval:def:568",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "MS07-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "ADV-2006-3977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"name": "oval:org.mitre.oval:def:220",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"name": "MS06-058",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"name": "29448",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29448"
},
{
"name": "1017030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3877",
"datePublished": "2006-10-10T22:00:00",
"dateReserved": "2006-07-26T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2179 (GCVE-0-2004-2179)
Vulnerability from nvd – Published: 2005-07-10 04:00 – Updated: 2024-09-16 19:19
VLAI?
Summary
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"name": "11412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-10T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"name": "11412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"name": "11412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2179",
"datePublished": "2005-07-10T04:00:00Z",
"dateReserved": "2005-07-10T04:00:00Z",
"dateUpdated": "2024-09-16T19:19:34.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2143 (GCVE-0-2005-2143)
Vulnerability from nvd – Published: 2005-07-05 04:00 – Updated: 2024-09-16 19:30
VLAI?
Summary
Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014352",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.freewebs.com/xxosfilexx/HungFPage.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-05T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014352",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.freewebs.com/xxosfilexx/HungFPage.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014352",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014352"
},
{
"name": "http://www.freewebs.com/xxosfilexx/HungFPage.html",
"refsource": "MISC",
"url": "http://www.freewebs.com/xxosfilexx/HungFPage.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2143",
"datePublished": "2005-07-05T04:00:00Z",
"dateReserved": "2005-07-05T00:00:00Z",
"dateUpdated": "2024-09-16T19:30:14.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0573 (GCVE-0-2004-0573)
Vulnerability from nvd – Published: 2004-09-17 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040914 Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109519646030906\u0026w=2"
},
{
"name": "12529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12529"
},
{
"name": "oval:org.mitre.oval:def:5021",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021"
},
{
"name": "1011251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011251"
},
{
"name": "oval:org.mitre.oval:def:3311",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3311"
},
{
"name": "MS04-027",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-027"
},
{
"name": "wordperfect-converter-message-bo(17306)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17306"
},
{
"name": "oval:org.mitre.oval:def:2670",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2670"
},
{
"name": "oval:org.mitre.oval:def:4005",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4005"
},
{
"name": "1011250",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011250"
},
{
"name": "oval:org.mitre.oval:def:3333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3333"
},
{
"name": "1011249",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011249"
},
{
"name": "VU#449438",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/449438"
},
{
"name": "1011252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040914 Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109519646030906\u0026w=2"
},
{
"name": "12529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12529"
},
{
"name": "oval:org.mitre.oval:def:5021",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021"
},
{
"name": "1011251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011251"
},
{
"name": "oval:org.mitre.oval:def:3311",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3311"
},
{
"name": "MS04-027",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-027"
},
{
"name": "wordperfect-converter-message-bo(17306)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17306"
},
{
"name": "oval:org.mitre.oval:def:2670",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2670"
},
{
"name": "oval:org.mitre.oval:def:4005",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4005"
},
{
"name": "1011250",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011250"
},
{
"name": "oval:org.mitre.oval:def:3333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3333"
},
{
"name": "1011249",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011249"
},
{
"name": "VU#449438",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/449438"
},
{
"name": "1011252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011252"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040914 Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109519646030906\u0026w=2"
},
{
"name": "12529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12529"
},
{
"name": "oval:org.mitre.oval:def:5021",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021"
},
{
"name": "1011251",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011251"
},
{
"name": "oval:org.mitre.oval:def:3311",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3311"
},
{
"name": "MS04-027",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-027"
},
{
"name": "wordperfect-converter-message-bo(17306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17306"
},
{
"name": "oval:org.mitre.oval:def:2670",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2670"
},
{
"name": "oval:org.mitre.oval:def:4005",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4005"
},
{
"name": "1011250",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011250"
},
{
"name": "oval:org.mitre.oval:def:3333",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3333"
},
{
"name": "1011249",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011249"
},
{
"name": "VU#449438",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/449438"
},
{
"name": "1011252",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011252"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0573",
"datePublished": "2004-09-17T04:00:00",
"dateReserved": "2004-06-15T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0200 (GCVE-0-2004-0200)
Vulnerability from nvd – Published: 2004-09-17 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:3038",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"name": "oval:org.mitre.oval:def:1105",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"name": "VU#297462",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"name": "TA04-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"name": "oval:org.mitre.oval:def:3320",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"name": "oval:org.mitre.oval:def:2706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"name": "oval:org.mitre.oval:def:3082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"name": "MS04-028",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"name": "oval:org.mitre.oval:def:4003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"name": "oval:org.mitre.oval:def:3810",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"name": "oval:org.mitre.oval:def:4216",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"name": "oval:org.mitre.oval:def:4307",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"name": "oval:org.mitre.oval:def:3881",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"name": "win-jpeg-bo(16304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:3038",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"name": "oval:org.mitre.oval:def:1105",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"name": "VU#297462",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"name": "TA04-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"name": "oval:org.mitre.oval:def:3320",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"name": "oval:org.mitre.oval:def:2706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"name": "oval:org.mitre.oval:def:3082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"name": "MS04-028",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"name": "oval:org.mitre.oval:def:4003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"name": "oval:org.mitre.oval:def:3810",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"name": "oval:org.mitre.oval:def:4216",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"name": "oval:org.mitre.oval:def:4307",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"name": "oval:org.mitre.oval:def:3881",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"name": "win-jpeg-bo(16304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:3038",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"name": "oval:org.mitre.oval:def:1105",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"name": "VU#297462",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"name": "TA04-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"name": "oval:org.mitre.oval:def:3320",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"name": "oval:org.mitre.oval:def:2706",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1721",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"name": "oval:org.mitre.oval:def:3082",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"name": "MS04-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"name": "oval:org.mitre.oval:def:4003",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"name": "oval:org.mitre.oval:def:3810",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"name": "oval:org.mitre.oval:def:4216",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"name": "oval:org.mitre.oval:def:4307",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"name": "oval:org.mitre.oval:def:3881",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"name": "win-jpeg-bo(16304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0200",
"datePublished": "2004-09-17T04:00:00",
"dateReserved": "2004-03-11T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1052 (GCVE-0-1999-1052)
Vulnerability from nvd – Published: 2001-09-12 04:00 – Updated: 2024-08-01 16:55
VLAI?
Summary
Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19990824 Front Page form_results",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93582550911564\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19990824 Front Page form_results",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93582550911564\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990824 Front Page form_results",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=93582550911564\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1052",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}