{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "439B26BA-376C-4D6B-B7BA-B66B8BDA8E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A07483B7-E30C-43F3-B54B-2864BE9AD704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka \"Excel Formula Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 hasta 2007, Viewer 2003, Pack de compatibilidad (Compatibility Pack), and Office para Mac 2004 permite a atacantes remotos asistidos por usuarios ejecutar c\u00f3digo de su elecci\u00f3n mediante formulas mal formadas, tambi\u00e9n conocido como \"Vulnerabilidad de an\u00e1lisis sint\u00e1ctico de formulas\" (Excel Formula Parsing Vulnerability)."
    }
  ],
  "id": "CVE-2008-0115",
  "lastModified": "2024-11-21T00:41:12.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-11T23:44:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28167"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1019585"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5512"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BCABD31-F406-4184-97AF-21AD95353D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:20007_office_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B507F860-5D28-4E86-8F61-FC71F4C030C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:20007_office_system:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A0B1B7-21A7-4038-8738-02AFADAAB06D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB3D66F-9028-4703-9D6A-629331EEB492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka \"File Format Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Excel 2000 SP3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una hoja de c\u00e1lculo manipulada que contiene un objeto malformado, lo que dispara una corrupci\u00f3n de memoria durante la carga de registros desde esta hoja de c\u00e1lculo, alias \"Vulnerabilidad de An\u00e1lisis de Formato de Fichero\"."
    }
  ],
  "evaluatorComment": "http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx\r\n\r\n\t\r\nFile Format Parsing Vulnerability - CVE-2008-4265\r\n\r\nA remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.",
  "id": "CVE-2008-4265",
  "lastModified": "2024-11-21T00:51:17.387",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:01.097",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021368"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/3386"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "523CCEC6-6B7D-4D77-B2B0-4E4C349A7030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AB63E7-7FB6-47DE-9451-676887AFC55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "45E63CC9-6EBC-4672-A0DB-A73D455002C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8D06FE-002B-48B2-991D-860C3AF7D2D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*",
              "matchCriteriaId": "224A6712-E6DF-4BC6-9D61-73DD73C2F66B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*",
              "matchCriteriaId": "491B00D2-3B9B-46AB-B068-B1AD96698EE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an \"arbitrary free,\" aka \"Word Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Word 2000 SP3 y 2002 SP3 y Office 2004 para Mac permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento de Word con un campo lcbPlcfBkfSdt creado en el Bloque de Informaci\u00f3n de Archivos (FIB), que omite un paso de inicializaci\u00f3n y activa un \"arbitrary free,\" aka \"Word Memory Corruption Vulnerability.\""
    }
  ],
  "id": "CVE-2008-4024",
  "lastModified": "2024-11-21T00:50:42.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:00.783",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.coresecurity.com/content/word-arbitrary-free"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/499086/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.coresecurity.com/content/word-arbitrary-free"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499086/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5934"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4142D44F-26F2-467B-A7DE-00239C0013D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:sp1:*:*:*:*:*",
              "matchCriteriaId": "5E8B5977-31FA-4018-80E1-908016F3C224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:sp3:*:*:*:*:*",
              "matchCriteriaId": "79EEAE40-5791-41F5-A35D-2388480B3843",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a \"memory calculation error\" and a heap-based buffer overflow, aka \"Object Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada de Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo arbitrariamente a trav\u00e9s de un archivo de Formato de Texto Enriquecido (.rtf) con una cadena mal formada que provoca un \u201cerror de c\u00e1lculo en memoria\u201d y un desbordamiento de b\u00fafer basado en el mont\u00edculo (heap), tambi\u00e9n conocido como \u201cVulnerabilidad de an\u00e1lisis sint\u00e1ctico de Objeto.\u201d"
    }
  ],
  "id": "CVE-2008-1091",
  "lastModified": "2024-11-21T00:43:39.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-05-13T22:20:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30143"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/543907"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/492020/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/29104"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1020013"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/1504/references"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-023"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/543907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492020/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1504/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5494"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
              "matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Record Pointer Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Excel en Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, y Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; y Microsoft Office Excel Viewer 2003 SP3 permite a atacantes remotos ejecutar codigo de forma arbitraria a trav\u00e9s de un fichero Excel con un objeto \"record\" deformado, tambi\u00e9n conocido como \"Vulnerabilidad de Corrupci\u00f3n de Puntero \"Record\"."
    }
  ],
  "id": "CVE-2009-0549",
  "lastModified": "2024-11-21T01:00:17.763",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-10T18:30:00.187",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/54952"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/35215"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "439B26BA-376C-4D6B-B7BA-B66B8BDA8E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A07483B7-E30C-43F3-B54B-2864BE9AD704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka \"Excel Data Validation Record Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Microsoft Excel 2000 SP3 a 2007, Viewer 2003, Compatibility Pack, y Office 2004 para Mac permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante registros de validaci\u00f3n de datos manipulados, tambi\u00e9n conocido como \"Vulnerabilidad de Registro de Validaci\u00f3n de Datos en Excel.\""
    }
  ],
  "id": "CVE-2008-0111",
  "lastModified": "2024-11-21T00:41:11.583",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-11T23:44:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28094"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1019582"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5114"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "523CCEC6-6B7D-4D77-B2B0-4E4C349A7030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AB63E7-7FB6-47DE-9451-676887AFC55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "45E63CC9-6EBC-4672-A0DB-A73D455002C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8D06FE-002B-48B2-991D-860C3AF7D2D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*",
              "matchCriteriaId": "224A6712-E6DF-4BC6-9D61-73DD73C2F66B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*",
              "matchCriteriaId": "491B00D2-3B9B-46AB-B068-B1AD96698EE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka \"Word Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Office Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo, a trav\u00e9s de un documento Word manipulado que contiene un valor malformado, el cual lanza una corrupci\u00f3n de memoria, alias \"Vulnerabilidad de corrupci\u00f3n de memoria en Word\"."
    }
  ],
  "id": "CVE-2008-4026",
  "lastModified": "2024-11-21T00:50:42.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:00.817",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5807"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "523CCEC6-6B7D-4D77-B2B0-4E4C349A7030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AB63E7-7FB6-47DE-9451-676887AFC55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "45E63CC9-6EBC-4672-A0DB-A73D455002C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8D06FE-002B-48B2-991D-860C3AF7D2D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*",
              "matchCriteriaId": "224A6712-E6DF-4BC6-9D61-73DD73C2F66B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*",
              "matchCriteriaId": "491B00D2-3B9B-46AB-B068-B1AD96698EE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka \"Word RTF Object Parsing Vulnerability,\" a different vulnerability than CVE-2008-4030."
    },
    {
      "lang": "es",
      "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de palabras de control creadas relacionadas con m\u00faltiples etiquetas de Objeto de Dibujo en (1) un archivo RTF o (2) un mensaje de correo electr\u00f3nico de texto enriquecido, que activa la asignaci\u00f3n de memoria incorrecta y un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria, tambi\u00e9n se conoce como \"Word RTF Object Parsing Vulnerability,\" una vulnerabilidad diferente a la CVE-2008-4030."
    }
  ],
  "id": "CVE-2008-4028",
  "lastModified": "2024-11-21T00:50:43.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:00.847",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/499063/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-085"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-085/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499063/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-085"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-085/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6096"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "413DBB72-E807-46EC-AD7B-4D62C6217CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0B3ECA7D-1B9B-44EF-B76C-01CB36CCC33E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka \"Word Buffer Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Microsoft Office Word 2000 SP3, 2002 SP3, y 2007 SP1 y SP2; Microsoft Office para Mac 2004 y 2008; Conversor de formato de archivo Open XML para Mac; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de un documento Word con un registro malformado que lanza una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de b\u00fafer Word\""
    }
  ],
  "id": "CVE-2009-0565",
  "lastModified": "2024-11-21T01:00:20.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-10T18:00:00.327",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/54960"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securityreason.com/securityalert/8206"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/35190"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022356"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1546"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6334"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
              "matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"String Copy Stack-Based Overrun Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en Excel en Microsoft Office 2000 SP3 y Office XP SP3, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo Excel con un objeto de registro mal formado, tambi\u00e9n conocido como \"Vulnerabilidad String Copy Stack-Based Overrun\"."
    }
  ],
  "id": "CVE-2009-0559",
  "lastModified": "2024-11-21T01:00:19.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-10T18:30:00.250",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/35243"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
              "matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka \"Record Integer Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Un desbordamiento enteros en Excel en Office 2000 SP3, Office XP SP3, Office 2003 SP3 y Office 2004 y 2008 para Mac de Microsoft; Excel en 2007 Office System SP1 y SP2 de Microsoft; Open XML File Format Converter para Mac; Office Excel Viewer 2003 SP3 de Microsoft; Office Excel Viewer de Microsoft; Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft; y Office SharePoint Server 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de Excel con un registro de tabla de cadenas compartidas (SST) con un campo num\u00e9rico que especifica un n\u00famero no v\u00e1lido de cadenas \u00fanicas, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria, tambi\u00e9n se conoce como \"Record Integer Overflow Vulnerability\"."
    }
  ],
  "id": "CVE-2009-0561",
  "lastModified": "2024-11-21T01:00:19.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-10T18:30:00.280",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/54957"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-12/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/504190/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/35245"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504190/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "523CCEC6-6B7D-4D77-B2B0-4E4C349A7030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AB63E7-7FB6-47DE-9451-676887AFC55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "45E63CC9-6EBC-4672-A0DB-A73D455002C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8D06FE-002B-48B2-991D-860C3AF7D2D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*",
              "matchCriteriaId": "224A6712-E6DF-4BC6-9D61-73DD73C2F66B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*",
              "matchCriteriaId": "491B00D2-3B9B-46AB-B068-B1AD96698EE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka \"Word RTF Object Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena mal formada en (1) un archivo RTF o (2) una mensaje de correo electr\u00f3nico con texto enriquecido, que provoca una asignaci\u00f3n incorrecta de memoria y una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad de an\u00e1lisis sint\u00e1ctico de objeto en Word RTF.\""
    }
  ],
  "id": "CVE-2008-4031",
  "lastModified": "2024-11-21T00:50:43.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:00.893",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5952"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BCABD31-F406-4184-97AF-21AD95353D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:20007_office_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B507F860-5D28-4E86-8F61-FC71F4C030C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:20007_office_system:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A0B1B7-21A7-4038-8738-02AFADAAB06D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB3D66F-9028-4703-9D6A-629331EEB492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers \"pointer corruption\" during the loading of formulas from this spreadsheet, aka \"File Format Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Excel Viewer 2003 Gold y SP3; Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de hojas de Excel manipulada que pueden contener f\u00f3rmular malformadas, las cuales lanzan una \"corrupci\u00f3n de puntero\" durante la carga de f\u00f3rmulas desde esta hoja, alias \"Vulnerabilidad de analizador de formato de archivo\""
    }
  ],
  "evaluatorComment": "http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx\r\n\r\n\t\r\nFile Format Parsing Vulnerability - CVE-2008-4264\r\n\r\nA remote code execution vulnerability exists in Microsoft Office Excel as a result of pointer corruption when loading Excel formulas. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed formula. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.",
  "id": "CVE-2008-4264",
  "lastModified": "2024-11-21T00:51:17.267",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:01.080",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/32621"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021368"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/3386"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5556"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "439B26BA-376C-4D6B-B7BA-B66B8BDA8E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A07483B7-E30C-43F3-B54B-2864BE9AD704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka \"Excel Rich Text Validation Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Excel 2000 SP3 hasta 2003 SP2, Viewer 2003, Compatibility Pack y Office 2004 y 2008 para Mac, permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de etiquetas malformadas en texto enriquecido, tambi\u00e9n se conoce como \"Excel Rich Text Validation Vulnerability.\""
    }
  ],
  "id": "CVE-2008-0116",
  "lastModified": "2024-11-21T00:41:12.147",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-11T23:44:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-03"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/489430/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28168"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1019586"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489430/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5212"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, y 2007 SP1; Excel en Microsoft Office 2004 y 2008 para Mac; Microsoft Office Excel Viewer y Excel Viewer 2003 SP3; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 no parsea adecuadamente el fichero con formato de hoja de c\u00e1lculo Excel, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo manipulada que contiene un objeto mal formado, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria\"."
    }
  ],
  "id": "CVE-2009-0100",
  "lastModified": "2024-11-21T00:59:03.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-15T08:00:00.530",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/53665"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022039"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1023"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/53665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4142D44F-26F2-467B-A7DE-00239C0013D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:sp1:*:*:*:*:*",
              "matchCriteriaId": "5E8B5977-31FA-4018-80E1-908016F3C224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:sp3:*:*:*:*:*",
              "matchCriteriaId": "79EEAE40-5791-41F5-A35D-2388480B3843",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a \"memory handling error\" that triggers memory corruption."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de uso de la memoria previamente liberada en Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio  de un documento HTML con un gran n\u00famero de Cascading Style Sheets (CSS), relacionado con un \"memory handling error\" que desencadena una corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2008-1434",
  "lastModified": "2024-11-21T00:44:31.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-05-13T22:20:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30143"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29105"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1020014"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1504/references"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1504/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5012"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "523CCEC6-6B7D-4D77-B2B0-4E4C349A7030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AB63E7-7FB6-47DE-9451-676887AFC55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "45E63CC9-6EBC-4672-A0DB-A73D455002C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8D06FE-002B-48B2-991D-860C3AF7D2D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*",
              "matchCriteriaId": "224A6712-E6DF-4BC6-9D61-73DD73C2F66B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*",
              "matchCriteriaId": "491B00D2-3B9B-46AB-B068-B1AD96698EE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object (\"\\do\") tags, which triggers a \"memory calculation error\" and memory corruption, aka \"Word RTF Object Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Doble Liberaci\u00f3n en Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; y Office 2004 para Mac permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un (1) archivo RTF o (2) un mensaje de correo electr\u00f3nico de texto enriquecido con m\u00faltiples etiquetas consecutivas de Objeto de Dibujo (\"\\do\"), que desencadena una \"memory calculation error\" y una corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \"Word RTF Object Parsing Vulnerability.\""
    }
  ],
  "id": "CVE-2008-4027",
  "lastModified": "2024-11-21T00:50:42.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:00.830",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/499062/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-084"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-084/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499062/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-084/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6098"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB5FE646-2516-4E38-BE3F-9F987CBBB70D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7EB896B5-611E-4457-B438-C6CC937D63FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:sp1:*:*:*:*:*",
              "matchCriteriaId": "5E8B5977-31FA-4018-80E1-908016F3C224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "34EA27E8-657D-4600-936C-423D753880F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "FC12B313-5CBB-4590-A252-C6A406772CAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "F57325F6-A2E0-4127-9A2F-DE6929AB29F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "995D5C53-7C55-4BD9-859D-F4573AA6D238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5440EF5-462B-4BAC-AF60-44C5D649D0D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "794FCFBF-2D55-4ECE-825E-180616DB35FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "DBF95693-8941-4F28-8860-87F038724823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0579650D-24E9-46FF-8876-5164D4397E10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include ChartBuild containers, which triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, y 2007 SP1 y SP2; PowerPoint Viewer 2003 y 2007 SP1 y SP2; PowerPoint en Microsoft Office 2004 para Mac y 2008 para Mac; Open XML File Format Converter para Mac; Microsoft Works 8.5 y 9.0; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2 no valida adecuadamente la lista de registros en ficheros PowerPoint, lo que permite a atantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de ficheros manipulados que lanzan una corrupci\u00f3n de memoria relacionada con un tipo de registro inv\u00e1lido, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria\"."
    }
  ],
  "id": "CVE-2009-0224",
  "lastModified": "2024-11-21T00:59:23.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-05-12T22:30:00.267",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=793"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/32428"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/34879"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022205"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1290"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6023"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "523CCEC6-6B7D-4D77-B2B0-4E4C349A7030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AB63E7-7FB6-47DE-9451-676887AFC55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "45E63CC9-6EBC-4672-A0DB-A73D455002C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8D06FE-002B-48B2-991D-860C3AF7D2D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*",
              "matchCriteriaId": "224A6712-E6DF-4BC6-9D61-73DD73C2F66B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*",
              "matchCriteriaId": "491B00D2-3B9B-46AB-B068-B1AD96698EE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka \"Word RTF Object Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de Compatibilidad de Office para formatos de archivo de Word, Excel, y PowerPoint 2007; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de (1) un archivo RTF o (2) un mensaje de correo electr\u00f3nico de texto enriquecido que contiene un n\u00famero no v\u00e1lido de puntos para una polil\u00ednea o pol\u00edgono, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria, tambi\u00e9n se conoce como \"Word RTF Object Parsing Vulnerability.\"."
    }
  ],
  "id": "CVE-2008-4025",
  "lastModified": "2024-11-21T00:50:42.730",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:00.800",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2008-21/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/499054/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2008-21/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499054/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5682"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "523CCEC6-6B7D-4D77-B2B0-4E4C349A7030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AB63E7-7FB6-47DE-9451-676887AFC55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "45E63CC9-6EBC-4672-A0DB-A73D455002C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8D06FE-002B-48B2-991D-860C3AF7D2D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*",
              "matchCriteriaId": "224A6712-E6DF-4BC6-9D61-73DD73C2F66B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*",
              "matchCriteriaId": "491B00D2-3B9B-46AB-B068-B1AD96698EE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka \"Word RTF Object Parsing Vulnerability,\" a different vulnerability than CVE-2008-4028."
    },
    {
      "lang": "es",
      "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold  y SP3; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de palabras de control manipuladas en ficheros (1) RTF o (2) e-mail con texto enriquecido, lo que provoca una asignaci\u00f3n incorrecta de memoria y una corrupci\u00f3n de memoria, tambi\u00e9n conocida como \"Vulnerabilidad Word RTF Object Parsing\". Vulnerabilidad diferente de CVE-2008-4028."
    }
  ],
  "id": "CVE-2008-4030",
  "lastModified": "2024-11-21T00:50:43.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:00.877",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
              "matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka \"Record Pointer Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Excel en 2007 Office System SP1 y SP2 de Microsoft; Office Excel Viewer de Microsoft; y Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo BIFF con un objeto de registro Qsir (0x806) malformado, tambi\u00e9n se conoce como \"Record Pointer Corruption Vulnerability\"."
    }
  ],
  "id": "CVE-2009-1134",
  "lastModified": "2024-11-21T01:01:44.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-10T18:30:00.407",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/54958"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/504213/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/35246"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504213/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
              "matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Field Sanitization Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Excel en Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, y Office 2004 y 2008 para Mac; Excel en 2007 Microsoft Office System SP1 y SP2; Open XML File Format Converter para Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo Excel manipulado con un objeto record mal formado, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria en la limpieza de campos\"."
    }
  ],
  "id": "CVE-2009-0560",
  "lastModified": "2024-11-21T01:00:19.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-10T18:30:00.267",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/54956"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/35244"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
              "matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Error de \u00edndice de matriz en Excel en Office 2000 SP3 y Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de Excel dise\u00f1ado con un objeto de registro malformado, tambi\u00e9n se conoce como \"Array Indexing Memory Corruption Vulnerability\u201d."
    }
  ],
  "id": "CVE-2009-0558",
  "lastModified": "2024-11-21T01:00:19.057",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-10T18:30:00.217",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/54954"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-1/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/504188/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/35242"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504188/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "523CCEC6-6B7D-4D77-B2B0-4E4C349A7030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AB63E7-7FB6-47DE-9451-676887AFC55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "45E63CC9-6EBC-4672-A0DB-A73D455002C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8D06FE-002B-48B2-991D-860C3AF7D2D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*",
              "matchCriteriaId": "224A6712-E6DF-4BC6-9D61-73DD73C2F66B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*",
              "matchCriteriaId": "491B00D2-3B9B-46AB-B068-B1AD96698EE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka \"Word Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; y Microsoft Works versi\u00f3n 8 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento de Word creado que contiene una propiedad de tabla malformada, lo que desencadena una corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \"Word Memory Corruption Vulnerability.\""
    }
  ],
  "id": "CVE-2008-4837",
  "lastModified": "2024-11-21T00:52:41.323",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:01.173",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/499064/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499064/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS08-072",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
          },
          {
            "name": "oval:org.mitre.oval:def:5807",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5807"
          },
          {
            "name": "1021370",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021370"
          },
          {
            "name": "TA08-344A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
          },
          {
            "name": "ADV-2008-3384",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3384"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka \"Word Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS08-072",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
        },
        {
          "name": "oval:org.mitre.oval:def:5807",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5807"
        },
        {
          "name": "1021370",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021370"
        },
        {
          "name": "TA08-344A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
        },
        {
          "name": "ADV-2008-3384",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3384"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-4026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka \"Word Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS08-072",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
            },
            {
              "name": "oval:org.mitre.oval:def:5807",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5807"
            },
            {
              "name": "1021370",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021370"
            },
            {
              "name": "TA08-344A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
            },
            {
              "name": "ADV-2008-3384",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3384"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-4026",
    "datePublished": "2008-12-10T13:33:00",
    "dateReserved": "2008-09-10T00:00:00",
    "dateUpdated": "2024-08-07T10:00:42.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS08-072",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
          },
          {
            "name": "oval:org.mitre.oval:def:5737",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737"
          },
          {
            "name": "1021370",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021370"
          },
          {
            "name": "TA08-344A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
          },
          {
            "name": "ADV-2008-3384",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3384"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka \"Word RTF Object Parsing Vulnerability,\" a different vulnerability than CVE-2008-4028."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS08-072",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
        },
        {
          "name": "oval:org.mitre.oval:def:5737",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737"
        },
        {
          "name": "1021370",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021370"
        },
        {
          "name": "TA08-344A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
        },
        {
          "name": "ADV-2008-3384",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3384"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-4030",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka \"Word RTF Object Parsing Vulnerability,\" a different vulnerability than CVE-2008-4028."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS08-072",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
            },
            {
              "name": "oval:org.mitre.oval:def:5737",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737"
            },
            {
              "name": "1021370",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021370"
            },
            {
              "name": "TA08-344A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
            },
            {
              "name": "ADV-2008-3384",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3384"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-4030",
    "datePublished": "2008-12-10T13:33:00",
    "dateReserved": "2008-09-10T00:00:00",
    "dateUpdated": "2024-08-07T10:00:42.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS08-072",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
          },
          {
            "name": "20081210 CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499086/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:5934",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5934"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf"
          },
          {
            "name": "1021370",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021370"
          },
          {
            "name": "TA08-344A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
          },
          {
            "name": "ADV-2008-3384",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3384"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/word-arbitrary-free"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an \"arbitrary free,\" aka \"Word Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS08-072",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
        },
        {
          "name": "20081210 CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499086/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:5934",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5934"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf"
        },
        {
          "name": "1021370",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021370"
        },
        {
          "name": "TA08-344A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
        },
        {
          "name": "ADV-2008-3384",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3384"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/word-arbitrary-free"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-4024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an \"arbitrary free,\" aka \"Word Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS08-072",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
            },
            {
              "name": "20081210 CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499086/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:5934",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5934"
            },
            {
              "name": "http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf"
            },
            {
              "name": "1021370",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021370"
            },
            {
              "name": "TA08-344A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
            },
            {
              "name": "ADV-2008-3384",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3384"
            },
            {
              "name": "http://www.coresecurity.com/content/word-arbitrary-free",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/word-arbitrary-free"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-4024",
    "datePublished": "2008-12-10T13:33:00",
    "dateReserved": "2008-09-10T00:00:00",
    "dateUpdated": "2024-08-07T10:00:42.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6133",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133"
          },
          {
            "name": "35188",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35188"
          },
          {
            "name": "54959",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54959"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-035"
          },
          {
            "name": "TA09-160A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
          },
          {
            "name": "1022356",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022356"
          },
          {
            "name": "MS09-027",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
          },
          {
            "name": "ADV-2009-1546",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1546"
          },
          {
            "name": "20090610 ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504204/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka \"Word Buffer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6133",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133"
        },
        {
          "name": "35188",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35188"
        },
        {
          "name": "54959",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54959"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-035"
        },
        {
          "name": "TA09-160A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
        },
        {
          "name": "1022356",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022356"
        },
        {
          "name": "MS09-027",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
        },
        {
          "name": "ADV-2009-1546",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1546"
        },
        {
          "name": "20090610 ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504204/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0563",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka \"Word Buffer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6133",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133"
            },
            {
              "name": "35188",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35188"
            },
            {
              "name": "54959",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54959"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-035",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-035"
            },
            {
              "name": "TA09-160A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
            },
            {
              "name": "1022356",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022356"
            },
            {
              "name": "MS09-027",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
            },
            {
              "name": "ADV-2009-1546",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1546"
            },
            {
              "name": "20090610 ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504204/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0563",
    "datePublished": "2009-06-10T17:37:00",
    "dateReserved": "2009-02-12T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28168",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28168"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-03"
          },
          {
            "name": "TA08-071A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5212",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5212"
          },
          {
            "name": "MS08-014",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
          },
          {
            "name": "SSRT080028",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "name": "HPSBST02320",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "name": "1019586",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019586"
          },
          {
            "name": "ADV-2008-0846",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0846/references"
          },
          {
            "name": "20080311 TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489430/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka \"Excel Rich Text Validation Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "28168",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28168"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-03"
        },
        {
          "name": "TA08-071A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:5212",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5212"
        },
        {
          "name": "MS08-014",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
        },
        {
          "name": "SSRT080028",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
        },
        {
          "name": "HPSBST02320",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
        },
        {
          "name": "1019586",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019586"
        },
        {
          "name": "ADV-2008-0846",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0846/references"
        },
        {
          "name": "20080311 TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489430/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-0116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka \"Excel Rich Text Validation Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28168",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28168"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-03",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-03"
            },
            {
              "name": "TA08-071A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5212",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5212"
            },
            {
              "name": "MS08-014",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
            },
            {
              "name": "SSRT080028",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
            },
            {
              "name": "HPSBST02320",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
            },
            {
              "name": "1019586",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019586"
            },
            {
              "name": "ADV-2008-0846",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0846/references"
            },
            {
              "name": "20080311 TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489430/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-0116",
    "datePublished": "2008-03-11T23:00:00",
    "dateReserved": "2008-01-07T00:00:00",
    "dateUpdated": "2024-08-07T07:32:23.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:04.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54960",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54960"
          },
          {
            "name": "8206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8206"
          },
          {
            "name": "TA09-160A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
          },
          {
            "name": "1022356",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022356"
          },
          {
            "name": "oval:org.mitre.oval:def:6334",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6334"
          },
          {
            "name": "MS09-027",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
          },
          {
            "name": "ADV-2009-1546",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1546"
          },
          {
            "name": "35190",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35190"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka \"Word Buffer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "54960",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54960"
        },
        {
          "name": "8206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8206"
        },
        {
          "name": "TA09-160A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
        },
        {
          "name": "1022356",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022356"
        },
        {
          "name": "oval:org.mitre.oval:def:6334",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6334"
        },
        {
          "name": "MS09-027",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
        },
        {
          "name": "ADV-2009-1546",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1546"
        },
        {
          "name": "35190",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35190"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0565",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka \"Word Buffer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54960",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54960"
            },
            {
              "name": "8206",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8206"
            },
            {
              "name": "TA09-160A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
            },
            {
              "name": "1022356",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022356"
            },
            {
              "name": "oval:org.mitre.oval:def:6334",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6334"
            },
            {
              "name": "MS09-027",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
            },
            {
              "name": "ADV-2009-1546",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1546"
            },
            {
              "name": "35190",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35190"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0565",
    "datePublished": "2009-06-10T17:37:00",
    "dateReserved": "2009-02-12T00:00:00",
    "dateUpdated": "2024-08-07T04:40:04.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS08-072",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-084"
          },
          {
            "name": "oval:org.mitre.oval:def:6098",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6098"
          },
          {
            "name": "1021370",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021370"
          },
          {
            "name": "TA08-344A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
          },
          {
            "name": "ADV-2008-3384",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3384"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-084/"
          },
          {
            "name": "20081209 ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499062/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object (\"\\do\") tags, which triggers a \"memory calculation error\" and memory corruption, aka \"Word RTF Object Parsing Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS08-072",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-084"
        },
        {
          "name": "oval:org.mitre.oval:def:6098",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6098"
        },
        {
          "name": "1021370",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021370"
        },
        {
          "name": "TA08-344A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
        },
        {
          "name": "ADV-2008-3384",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3384"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-084/"
        },
        {
          "name": "20081209 ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499062/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-4027",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object (\"\\do\") tags, which triggers a \"memory calculation error\" and memory corruption, aka \"Word RTF Object Parsing Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS08-072",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-084",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-084"
            },
            {
              "name": "oval:org.mitre.oval:def:6098",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6098"
            },
            {
              "name": "1021370",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021370"
            },
            {
              "name": "TA08-344A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
            },
            {
              "name": "ADV-2008-3384",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3384"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-084/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-084/"
            },
            {
              "name": "20081209 ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499062/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-4027",
    "datePublished": "2008-12-10T13:33:00",
    "dateReserved": "2008-09-10T00:00:00",
    "dateUpdated": "2024-08-07T10:00:42.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-1540",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1540"
          },
          {
            "name": "54952",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54952"
          },
          {
            "name": "1022351",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022351"
          },
          {
            "name": "MS09-021",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
          },
          {
            "name": "35215",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35215"
          },
          {
            "name": "oval:org.mitre.oval:def:5830",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
          },
          {
            "name": "TA09-160A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Record Pointer Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2009-1540",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1540"
        },
        {
          "name": "54952",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54952"
        },
        {
          "name": "1022351",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022351"
        },
        {
          "name": "MS09-021",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
        },
        {
          "name": "35215",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35215"
        },
        {
          "name": "oval:org.mitre.oval:def:5830",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
        },
        {
          "name": "TA09-160A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0549",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Record Pointer Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-1540",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1540"
            },
            {
              "name": "54952",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54952"
            },
            {
              "name": "1022351",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022351"
            },
            {
              "name": "MS09-021",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
            },
            {
              "name": "35215",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35215"
            },
            {
              "name": "oval:org.mitre.oval:def:5830",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
            },
            {
              "name": "TA09-160A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0549",
    "datePublished": "2009-06-10T18:00:00",
    "dateReserved": "2009-02-12T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}