All the vulnerabilites related to microsoft - visio
cve-2010-1681
Vulnerability from cvelistv5
Published
2010-05-05 18:00
Modified
2024-08-07 01:35
Severity ?
Summary
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
References
http://www.securitytracker.com/id?1023938vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/39836vdb-entry, x_refsource_BID
http://www.exploit-db.com/exploits/14944exploit, x_refsource_EXPLOIT-DB
http://www.securityfocus.com/archive/1/511121/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflowx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:52.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1023938",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023938"
          },
          {
            "name": "39836",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39836"
          },
          {
            "name": "14944",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/14944"
          },
          {
            "name": "20100504 [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511121/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1023938",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023938"
        },
        {
          "name": "39836",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39836"
        },
        {
          "name": "14944",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/14944"
        },
        {
          "name": "20100504 [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511121/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1023938",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023938"
            },
            {
              "name": "39836",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39836"
            },
            {
              "name": "14944",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/14944"
            },
            {
              "name": "20100504 [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511121/100/0/threaded"
            },
            {
              "name": "http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1681",
    "datePublished": "2010-05-05T18:00:00",
    "dateReserved": "2010-04-30T00:00:00",
    "dateUpdated": "2024-08-07T01:35:52.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-3013
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 09:21
Severity ?
Summary
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
References
http://secunia.com/advisories/32154third-party-advisory, x_refsource_SECUNIA
http://www.zerodayinitiative.com/advisories/ZDI-08-056x_refsource_MISC
http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.htmlx_refsource_MISC
http://marc.info/?l=bugtraq&m=122235754013992&w=2vendor-advisory, x_refsource_HP
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052vendor-advisory, x_refsource_MS
http://www.vupen.com/english/advisories/2008/2696vdb-entry, x_refsource_VUPEN
http://www.zerodayinitiative.com/advisories/ZDI-08-056/x_refsource_MISC
http://marc.info/?l=bugtraq&m=122235754013992&w=2vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id?1020836vdb-entry, x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/archive/1/496154/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/31020vdb-entry, x_refsource_BID
http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlthird-party-advisory, x_refsource_CERT
http://www.vupen.com/english/advisories/2008/2520vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:34.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32154"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
          },
          {
            "name": "HPSBST02372",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "MS08-052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
          },
          {
            "name": "ADV-2008-2696",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2696"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
          },
          {
            "name": "SSRT080133",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "1020836",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020836"
          },
          {
            "name": "oval:org.mitre.oval:def:5986",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
          },
          {
            "name": "20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
          },
          {
            "name": "31020",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31020"
          },
          {
            "name": "TA08-253A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
          },
          {
            "name": "ADV-2008-2520",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka \"GDI+ GIF Parsing Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "32154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32154"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
        },
        {
          "name": "HPSBST02372",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "MS08-052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
        },
        {
          "name": "ADV-2008-2696",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2696"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
        },
        {
          "name": "SSRT080133",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "1020836",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020836"
        },
        {
          "name": "oval:org.mitre.oval:def:5986",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
        },
        {
          "name": "20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
        },
        {
          "name": "31020",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31020"
        },
        {
          "name": "TA08-253A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
        },
        {
          "name": "ADV-2008-2520",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2520"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-3013",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka \"GDI+ GIF Parsing Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32154",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-056",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
            },
            {
              "name": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html",
              "refsource": "MISC",
              "url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
            },
            {
              "name": "HPSBST02372",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "ADV-2008-2696",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
            },
            {
              "name": "SSRT080133",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "1020836",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020836"
            },
            {
              "name": "oval:org.mitre.oval:def:5986",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
            },
            {
              "name": "20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
            },
            {
              "name": "31020",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31020"
            },
            {
              "name": "TA08-253A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-3013",
    "datePublished": "2008-09-10T15:00:00",
    "dateReserved": "2008-07-07T00:00:00",
    "dateUpdated": "2024-08-07T09:21:34.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1090
Vulnerability from cvelistv5
Published
2008-04-08 23:00
Modified
2024-08-07 08:08
Severity ?
Summary
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
References
http://www.securitytracker.com/id?1019804vdb-entry, x_refsource_SECTRACK
http://www.us-cert.gov/cas/techalerts/TA08-099A.htmlthird-party-advisory, x_refsource_CERT
http://marc.info/?l=bugtraq&m=120845064910729&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2008/1143/referencesvdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5344vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=120845064910729&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/29691third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/41452vdb-entry, x_refsource_XF
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019vendor-advisory, x_refsource_MS
http://www.securityfocus.com/bid/28556vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1019804",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019804"
          },
          {
            "name": "TA08-099A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
          },
          {
            "name": "SSRT080048",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
          },
          {
            "name": "ADV-2008-1143",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1143/references"
          },
          {
            "name": "oval:org.mitre.oval:def:5344",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5344"
          },
          {
            "name": "HPSBST02329",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
          },
          {
            "name": "29691",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29691"
          },
          {
            "name": "visio-file-code-execution(41452)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41452"
          },
          {
            "name": "MS08-019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019"
          },
          {
            "name": "28556",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28556"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka \"Visio Memory Validation Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1019804",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019804"
        },
        {
          "name": "TA08-099A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
        },
        {
          "name": "SSRT080048",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
        },
        {
          "name": "ADV-2008-1143",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1143/references"
        },
        {
          "name": "oval:org.mitre.oval:def:5344",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5344"
        },
        {
          "name": "HPSBST02329",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
        },
        {
          "name": "29691",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29691"
        },
        {
          "name": "visio-file-code-execution(41452)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41452"
        },
        {
          "name": "MS08-019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019"
        },
        {
          "name": "28556",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28556"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-1090",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka \"Visio Memory Validation Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1019804",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019804"
            },
            {
              "name": "TA08-099A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
            },
            {
              "name": "SSRT080048",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
            },
            {
              "name": "ADV-2008-1143",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1143/references"
            },
            {
              "name": "oval:org.mitre.oval:def:5344",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5344"
            },
            {
              "name": "HPSBST02329",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
            },
            {
              "name": "29691",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29691"
            },
            {
              "name": "visio-file-code-execution(41452)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41452"
            },
            {
              "name": "MS08-019",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019"
            },
            {
              "name": "28556",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28556"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-1090",
    "datePublished": "2008-04-08T23:00:00",
    "dateReserved": "2008-02-28T00:00:00",
    "dateUpdated": "2024-08-07T08:08:57.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0096
Vulnerability from cvelistv5
Published
2009-02-10 22:13
Modified
2024-08-07 04:24
Severity ?
Summary
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
References
http://www.vupen.com/english/advisories/2009/0391vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005vendor-advisory, x_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA09-041A.htmlthird-party-advisory, x_refsource_CERT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:17.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-0391",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0391"
          },
          {
            "name": "oval:org.mitre.oval:def:6172",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172"
          },
          {
            "name": "MS09-005",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
          },
          {
            "name": "TA09-041A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka \"Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2009-0391",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0391"
        },
        {
          "name": "oval:org.mitre.oval:def:6172",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172"
        },
        {
          "name": "MS09-005",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
        },
        {
          "name": "TA09-041A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0096",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka \"Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-0391",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0391"
            },
            {
              "name": "oval:org.mitre.oval:def:6172",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172"
            },
            {
              "name": "MS09-005",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
            },
            {
              "name": "TA09-041A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0096",
    "datePublished": "2009-02-10T22:13:00",
    "dateReserved": "2009-01-08T00:00:00",
    "dateUpdated": "2024-08-07T04:24:17.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0097
Vulnerability from cvelistv5
Published
2009-02-10 22:13
Modified
2024-08-07 04:24
Severity ?
Summary
Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
References
http://www.vupen.com/english/advisories/2009/0391vdb-entry, x_refsource_VUPEN
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA09-041A.htmlthird-party-advisory, x_refsource_CERT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-0391",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0391"
          },
          {
            "name": "MS09-005",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
          },
          {
            "name": "oval:org.mitre.oval:def:6188",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188"
          },
          {
            "name": "TA09-041A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2009-0391",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0391"
        },
        {
          "name": "MS09-005",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
        },
        {
          "name": "oval:org.mitre.oval:def:6188",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188"
        },
        {
          "name": "TA09-041A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0097",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-0391",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0391"
            },
            {
              "name": "MS09-005",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
            },
            {
              "name": "oval:org.mitre.oval:def:6188",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188"
            },
            {
              "name": "TA09-041A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0097",
    "datePublished": "2009-02-10T22:13:00",
    "dateReserved": "2009-01-08T00:00:00",
    "dateUpdated": "2024-08-07T04:24:18.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-21737
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-01-01 00:35
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21737vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Office LTSC 2021 Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < 15.0.5519.1000
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < 15.0.5519.1000
Microsoft Microsoft Visio 2016 Version: 16.0.1   < 16.0.5378.1000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:50.151Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21737"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5519.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5519.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5378.1000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5519.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5519.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5378.1000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-01-10T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:35:54.298Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21737"
        }
      ],
      "title": "Microsoft Office Visio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21737",
    "datePublished": "2023-01-10T00:00:00",
    "dateReserved": "2022-12-13T00:00:00",
    "dateUpdated": "2025-01-01T00:35:54.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2528
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
Summary
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:15.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6426",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6426",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2528",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6426",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2528",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:15.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0079
Vulnerability from cvelistv5
Published
2013-03-13 00:00
Modified
2024-08-06 14:10
Severity ?
Summary
Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
References
http://www.kb.cert.org/vuls/id/851777third-party-advisory, x_refsource_CERT-VN
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-023vendor-advisory, x_refsource_MS
http://www.us-cert.gov/ncas/alerts/TA13-071Athird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16300vdb-entry, signature, x_refsource_OVAL
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1024third-party-advisory, x_refsource_IDEFENSE
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:10:56.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#851777",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/851777"
          },
          {
            "name": "MS13-023",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-023"
          },
          {
            "name": "TA13-071A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"
          },
          {
            "name": "oval:org.mitre.oval:def:16300",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16300"
          },
          {
            "name": "20130312 Microsoft Office Visio Viewer ActiveX Type Confusion Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka \"Visio Viewer Tree Object Type Confusion Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "VU#851777",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/851777"
        },
        {
          "name": "MS13-023",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-023"
        },
        {
          "name": "TA13-071A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"
        },
        {
          "name": "oval:org.mitre.oval:def:16300",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16300"
        },
        {
          "name": "20130312 Microsoft Office Visio Viewer ActiveX Type Confusion Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1024"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2013-0079",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka \"Visio Viewer Tree Object Type Confusion Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#851777",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/851777"
            },
            {
              "name": "MS13-023",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-023"
            },
            {
              "name": "TA13-071A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"
            },
            {
              "name": "oval:org.mitre.oval:def:16300",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16300"
            },
            {
              "name": "20130312 Microsoft Office Visio Viewer ActiveX Type Confusion Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1024"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2013-0079",
    "datePublished": "2013-03-13T00:00:00",
    "dateReserved": "2012-11-27T00:00:00",
    "dateUpdated": "2024-08-06T14:10:56.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5574
Vulnerability from cvelistv5
Published
2007-01-09 22:00
Modified
2024-08-07 19:55
Severity ?
Summary
Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
References
http://securitytracker.com/id?1017486vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/457274/100/0/threadedvendor-advisory, x_refsource_HP
http://www.osvdb.org/31251vdb-entry, x_refsource_OSVDB
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-001vendor-advisory, x_refsource_MS
http://www.securityfocus.com/archive/1/457274/100/0/threadedvendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2007/0102vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23671third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/21942vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:53.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017486",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017486"
          },
          {
            "name": "HPSBST02184",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "31251",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31251"
          },
          {
            "name": "MS07-001",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-001"
          },
          {
            "name": "SSRT071296",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "ADV-2007-0102",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0102"
          },
          {
            "name": "23671",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23671"
          },
          {
            "name": "21942",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21942"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1017486",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017486"
        },
        {
          "name": "HPSBST02184",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
        },
        {
          "name": "31251",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31251"
        },
        {
          "name": "MS07-001",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-001"
        },
        {
          "name": "SSRT071296",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
        },
        {
          "name": "ADV-2007-0102",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0102"
        },
        {
          "name": "23671",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23671"
        },
        {
          "name": "21942",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21942"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-5574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017486",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017486"
            },
            {
              "name": "HPSBST02184",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
            },
            {
              "name": "31251",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31251"
            },
            {
              "name": "MS07-001",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-001"
            },
            {
              "name": "SSRT071296",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
            },
            {
              "name": "ADV-2007-0102",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0102"
            },
            {
              "name": "23671",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23671"
            },
            {
              "name": "21942",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21942"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-5574",
    "datePublished": "2007-01-09T22:00:00",
    "dateReserved": "2006-10-27T00:00:00",
    "dateUpdated": "2024-08-07T19:55:53.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3877
Vulnerability from cvelistv5
Published
2006-10-10 22:00
Modified
2024-08-07 18:48
Severity ?
Summary
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
References
http://www.securityfocus.com/bid/20325vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/449179/100/0/threadedvendor-advisory, x_refsource_HP
http://www.kb.cert.org/vuls/id/205948third-party-advisory, x_refsource_CERT-VN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlthird-party-advisory, x_refsource_CERT
http://www.securityfocus.com/archive/1/449179/100/0/threadedvendor-advisory, x_refsource_HP
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015vendor-advisory, x_refsource_MS
http://www.vupen.com/english/advisories/2006/3977vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058vendor-advisory, x_refsource_MS
http://www.osvdb.org/29448vdb-entry, x_refsource_OSVDB
http://securitytracker.com/id?1017030vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20325",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20325"
          },
          {
            "name": "SSRT061264",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
          },
          {
            "name": "VU#205948",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/205948"
          },
          {
            "name": "oval:org.mitre.oval:def:568",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
          },
          {
            "name": "TA07-044A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
          },
          {
            "name": "HPSBST02161",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
          },
          {
            "name": "MS07-015",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
          },
          {
            "name": "ADV-2006-3977",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3977"
          },
          {
            "name": "oval:org.mitre.oval:def:220",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
          },
          {
            "name": "MS06-058",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
          },
          {
            "name": "29448",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29448"
          },
          {
            "name": "1017030",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017030"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "20325",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20325"
        },
        {
          "name": "SSRT061264",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
        },
        {
          "name": "VU#205948",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/205948"
        },
        {
          "name": "oval:org.mitre.oval:def:568",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
        },
        {
          "name": "TA07-044A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
        },
        {
          "name": "HPSBST02161",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
        },
        {
          "name": "MS07-015",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
        },
        {
          "name": "ADV-2006-3977",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3977"
        },
        {
          "name": "oval:org.mitre.oval:def:220",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
        },
        {
          "name": "MS06-058",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
        },
        {
          "name": "29448",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29448"
        },
        {
          "name": "1017030",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017030"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-3877",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20325",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20325"
            },
            {
              "name": "SSRT061264",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
            },
            {
              "name": "VU#205948",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/205948"
            },
            {
              "name": "oval:org.mitre.oval:def:568",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
            },
            {
              "name": "TA07-044A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
            },
            {
              "name": "HPSBST02161",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
            },
            {
              "name": "MS07-015",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
            },
            {
              "name": "ADV-2006-3977",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3977"
            },
            {
              "name": "oval:org.mitre.oval:def:220",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
            },
            {
              "name": "MS06-058",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
            },
            {
              "name": "29448",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/29448"
            },
            {
              "name": "1017030",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017030"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-3877",
    "datePublished": "2006-10-10T22:00:00",
    "dateReserved": "2006-07-26T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0256
Vulnerability from cvelistv5
Published
2010-04-14 15:44
Modified
2024-08-07 00:45
Severity ?
Summary
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028vendor-advisory, x_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlthird-party-advisory, x_refsource_CERT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:11.049Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6732",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732"
          },
          {
            "name": "MS10-028",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028"
          },
          {
            "name": "TA10-103A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Visio Index Calculation Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6732",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732"
        },
        {
          "name": "MS10-028",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028"
        },
        {
          "name": "TA10-103A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-0256",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Visio Index Calculation Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6732",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732"
            },
            {
              "name": "MS10-028",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028"
            },
            {
              "name": "TA10-103A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-0256",
    "datePublished": "2010-04-14T15:44:00",
    "dateReserved": "2010-01-07T00:00:00",
    "dateUpdated": "2024-08-07T00:45:11.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-3014
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 09:21
Severity ?
Summary
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
References
http://secunia.com/advisories/32154third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=122235754013992&w=2vendor-advisory, x_refsource_HP
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052vendor-advisory, x_refsource_MS
http://www.securityfocus.com/bid/31021vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2008/2696vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1020837vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=122235754013992&w=2vendor-advisory, x_refsource_HP
http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlthird-party-advisory, x_refsource_CERT
http://www.vupen.com/english/advisories/2008/2520vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:34.956Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32154"
          },
          {
            "name": "HPSBST02372",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "MS08-052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
          },
          {
            "name": "31021",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31021"
          },
          {
            "name": "oval:org.mitre.oval:def:6004",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
          },
          {
            "name": "ADV-2008-2696",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2696"
          },
          {
            "name": "1020837",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020837"
          },
          {
            "name": "SSRT080133",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "TA08-253A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
          },
          {
            "name": "ADV-2008-2520",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "32154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32154"
        },
        {
          "name": "HPSBST02372",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "MS08-052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
        },
        {
          "name": "31021",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31021"
        },
        {
          "name": "oval:org.mitre.oval:def:6004",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
        },
        {
          "name": "ADV-2008-2696",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2696"
        },
        {
          "name": "1020837",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020837"
        },
        {
          "name": "SSRT080133",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "TA08-253A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
        },
        {
          "name": "ADV-2008-2520",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2520"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-3014",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32154",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "HPSBST02372",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "31021",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31021"
            },
            {
              "name": "oval:org.mitre.oval:def:6004",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
            },
            {
              "name": "ADV-2008-2696",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "1020837",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020837"
            },
            {
              "name": "SSRT080133",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "TA08-253A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-3014",
    "datePublished": "2008-09-10T15:00:00",
    "dateReserved": "2008-07-07T00:00:00",
    "dateUpdated": "2024-08-07T09:21:34.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3126
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 06:14
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:14:56.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6134",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6134",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-3126",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6134",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-3126",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-09-10T00:00:00",
    "dateUpdated": "2024-08-07T06:14:56.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-2557
Vulnerability from cvelistv5
Published
2015-10-14 01:00
Modified
2024-08-06 05:17
Severity ?
Summary
Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110vendor-advisory, x_refsource_MS
http://www.zerodayinitiative.com/advisories/ZDI-15-519x_refsource_MISC
http://www.securitytracker.com/id/1033803vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:17:27.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS15-110",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-519"
          },
          {
            "name": "1033803",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033803"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS15-110",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-519"
        },
        {
          "name": "1033803",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033803"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-2557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS15-110",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-519",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-519"
            },
            {
              "name": "1033803",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033803"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-2557",
    "datePublished": "2015-10-14T01:00:00",
    "dateReserved": "2015-03-19T00:00:00",
    "dateUpdated": "2024-08-06T05:17:27.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3364
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
Summary
Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
http://www.securitytracker.com/id/1036785vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/92803vdb-entry, x_refsource_BID
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:56:13.300Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036785",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036785"
          },
          {
            "name": "92803",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92803"
          },
          {
            "name": "MS16-107",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1036785",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036785"
        },
        {
          "name": "92803",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92803"
        },
        {
          "name": "MS16-107",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-3364",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036785",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036785"
            },
            {
              "name": "92803",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92803"
            },
            {
              "name": "MS16-107",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2016-3364",
    "datePublished": "2016-09-14T10:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:56:13.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-2503
Vulnerability from cvelistv5
Published
2015-11-11 11:00
Modified
2024-08-06 05:17
Severity ?
Summary
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."
References
http://www.securitytracker.com/id/1034117vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1034122vdb-entry, x_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116vendor-advisory, x_refsource_MS
http://www.securitytracker.com/id/1034119vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:17:27.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034117",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034117"
          },
          {
            "name": "1034122",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034122"
          },
          {
            "name": "MS15-116",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
          },
          {
            "name": "1034119",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034119"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1034117",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034117"
        },
        {
          "name": "1034122",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034122"
        },
        {
          "name": "MS15-116",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
        },
        {
          "name": "1034119",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034119"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-2503",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034117",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034117"
            },
            {
              "name": "1034122",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034122"
            },
            {
              "name": "MS15-116",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
            },
            {
              "name": "1034119",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034119"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-2503",
    "datePublished": "2015-11-11T11:00:00",
    "dateReserved": "2015-03-19T00:00:00",
    "dateUpdated": "2024-08-06T05:17:27.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0347
Vulnerability from cvelistv5
Published
2003-09-04 04:00
Modified
2024-08-08 01:50
Severity ?
Summary
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
References
http://www.kb.cert.org/vuls/id/804780third-party-advisory, x_refsource_CERT-VN
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.htmlmailing-list, x_refsource_VULNWATCH
http://secunia.com/advisories/9666third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=106262077829157&w=2mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/8534vdb-entry, x_refsource_BID
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:50:47.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#804780",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/804780"
          },
          {
            "name": "20030903 EEYE: VBE Document Property Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html"
          },
          {
            "name": "9666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/9666"
          },
          {
            "name": "20030903 EEYE: VBE Document Property Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106262077829157\u0026w=2"
          },
          {
            "name": "8534",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8534"
          },
          {
            "name": "MS03-037",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#804780",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/804780"
        },
        {
          "name": "20030903 EEYE: VBE Document Property Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html"
        },
        {
          "name": "9666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/9666"
        },
        {
          "name": "20030903 EEYE: VBE Document Property Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106262077829157\u0026w=2"
        },
        {
          "name": "8534",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8534"
        },
        {
          "name": "MS03-037",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0347",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#804780",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/804780"
            },
            {
              "name": "20030903 EEYE: VBE Document Property Buffer Overflow",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html"
            },
            {
              "name": "9666",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/9666"
            },
            {
              "name": "20030903 EEYE: VBE Document Property Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106262077829157\u0026w=2"
            },
            {
              "name": "8534",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8534"
            },
            {
              "name": "MS03-037",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0347",
    "datePublished": "2003-09-04T04:00:00",
    "dateReserved": "2003-05-28T00:00:00",
    "dateUpdated": "2024-08-08T01:50:47.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-0936
Vulnerability from cvelistv5
Published
2007-06-12 19:00
Modified
2024-08-07 12:34
Severity ?
Summary
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
References
http://secunia.com/advisories/25619third-party-advisory, x_refsource_SECUNIA
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030vendor-advisory, x_refsource_MS
http://www.securityfocus.com/archive/1/471947/100/0/threadedvendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2007/2150vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1018227vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/24384vdb-entry, x_refsource_BID
http://osvdb.org/35343vdb-entry, x_refsource_OSVDB
http://www.us-cert.gov/cas/techalerts/TA07-163A.htmlthird-party-advisory, x_refsource_CERT
http://www.securityfocus.com/archive/1/471947/100/0/threadedvendor-advisory, x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1369vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:34:21.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25619",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25619"
          },
          {
            "name": "MS07-030",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030"
          },
          {
            "name": "SSRT071438",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "ADV-2007-2150",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2150"
          },
          {
            "name": "1018227",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018227"
          },
          {
            "name": "24384",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24384"
          },
          {
            "name": "35343",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35343"
          },
          {
            "name": "TA07-163A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "HPSBST02231",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1369",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1369"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka \"Visio Document Packaging Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "25619",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25619"
        },
        {
          "name": "MS07-030",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030"
        },
        {
          "name": "SSRT071438",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        },
        {
          "name": "ADV-2007-2150",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2150"
        },
        {
          "name": "1018227",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018227"
        },
        {
          "name": "24384",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24384"
        },
        {
          "name": "35343",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35343"
        },
        {
          "name": "TA07-163A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
        },
        {
          "name": "HPSBST02231",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:1369",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1369"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0936",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka \"Visio Document Packaging Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25619",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25619"
            },
            {
              "name": "MS07-030",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "ADV-2007-2150",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2150"
            },
            {
              "name": "1018227",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018227"
            },
            {
              "name": "24384",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24384"
            },
            {
              "name": "35343",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35343"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "HPSBST02231",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:1369",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1369"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-0936",
    "datePublished": "2007-06-12T19:00:00",
    "dateReserved": "2007-02-14T00:00:00",
    "dateUpdated": "2024-08-07T12:34:21.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0200
Vulnerability from cvelistv5
Published
2004-09-17 04:00
Modified
2024-08-08 00:10
Severity ?
Summary
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105vdb-entry, signature, x_refsource_OVAL
http://www.kb.cert.org/vuls/id/297462third-party-advisory, x_refsource_CERT-VN
http://www.us-cert.gov/cas/techalerts/TA04-260A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=109524346729948&w=2mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881vdb-entry, signature, x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/16304vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:03.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:3038",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
          },
          {
            "name": "oval:org.mitre.oval:def:1105",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
          },
          {
            "name": "VU#297462",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/297462"
          },
          {
            "name": "TA04-260A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:3320",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
          },
          {
            "name": "oval:org.mitre.oval:def:2706",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
          },
          {
            "name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:1721",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
          },
          {
            "name": "oval:org.mitre.oval:def:3082",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
          },
          {
            "name": "MS04-028",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
          },
          {
            "name": "oval:org.mitre.oval:def:4003",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
          },
          {
            "name": "oval:org.mitre.oval:def:3810",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
          },
          {
            "name": "oval:org.mitre.oval:def:4216",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
          },
          {
            "name": "oval:org.mitre.oval:def:4307",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
          },
          {
            "name": "oval:org.mitre.oval:def:3881",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
          },
          {
            "name": "win-jpeg-bo(16304)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:3038",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
        },
        {
          "name": "oval:org.mitre.oval:def:1105",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
        },
        {
          "name": "VU#297462",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/297462"
        },
        {
          "name": "TA04-260A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:3320",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
        },
        {
          "name": "oval:org.mitre.oval:def:2706",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
        },
        {
          "name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:1721",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
        },
        {
          "name": "oval:org.mitre.oval:def:3082",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
        },
        {
          "name": "MS04-028",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
        },
        {
          "name": "oval:org.mitre.oval:def:4003",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
        },
        {
          "name": "oval:org.mitre.oval:def:3810",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
        },
        {
          "name": "oval:org.mitre.oval:def:4216",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
        },
        {
          "name": "oval:org.mitre.oval:def:4307",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
        },
        {
          "name": "oval:org.mitre.oval:def:3881",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
        },
        {
          "name": "win-jpeg-bo(16304)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0200",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:3038",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
            },
            {
              "name": "oval:org.mitre.oval:def:1105",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
            },
            {
              "name": "VU#297462",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/297462"
            },
            {
              "name": "TA04-260A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:3320",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
            },
            {
              "name": "oval:org.mitre.oval:def:2706",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
            },
            {
              "name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:1721",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
            },
            {
              "name": "oval:org.mitre.oval:def:3082",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
            },
            {
              "name": "MS04-028",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
            },
            {
              "name": "oval:org.mitre.oval:def:4003",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
            },
            {
              "name": "oval:org.mitre.oval:def:3810",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
            },
            {
              "name": "oval:org.mitre.oval:def:4216",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
            },
            {
              "name": "oval:org.mitre.oval:def:4307",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
            },
            {
              "name": "oval:org.mitre.oval:def:3881",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
            },
            {
              "name": "win-jpeg-bo(16304)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0200",
    "datePublished": "2004-09-17T04:00:00",
    "dateReserved": "2004-03-11T00:00:00",
    "dateUpdated": "2024-08-08T00:10:03.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-3012
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 09:21
Severity ?
Summary
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
References
http://secunia.com/advisories/32154third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=122235754013992&w=2vendor-advisory, x_refsource_HP
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2008/2696vdb-entry, x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=122235754013992&w=2vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id?1020835vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/31019vdb-entry, x_refsource_BID
http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlthird-party-advisory, x_refsource_CERT
http://www.vupen.com/english/advisories/2008/2520vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:34.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32154"
          },
          {
            "name": "HPSBST02372",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "MS08-052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
          },
          {
            "name": "oval:org.mitre.oval:def:6040",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
          },
          {
            "name": "ADV-2008-2696",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2696"
          },
          {
            "name": "SSRT080133",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "1020835",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020835"
          },
          {
            "name": "31019",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31019"
          },
          {
            "name": "TA08-253A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
          },
          {
            "name": "ADV-2008-2520",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "32154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32154"
        },
        {
          "name": "HPSBST02372",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "MS08-052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
        },
        {
          "name": "oval:org.mitre.oval:def:6040",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
        },
        {
          "name": "ADV-2008-2696",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2696"
        },
        {
          "name": "SSRT080133",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "1020835",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020835"
        },
        {
          "name": "31019",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31019"
        },
        {
          "name": "TA08-253A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
        },
        {
          "name": "ADV-2008-2520",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2520"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-3012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32154",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "HPSBST02372",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "oval:org.mitre.oval:def:6040",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
            },
            {
              "name": "ADV-2008-2696",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "SSRT080133",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "1020835",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020835"
            },
            {
              "name": "31019",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31019"
            },
            {
              "name": "TA08-253A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-3012",
    "datePublished": "2008-09-10T15:00:00",
    "dateReserved": "2008-07-07T00:00:00",
    "dateUpdated": "2024-08-07T09:21:34.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20673
Vulnerability from cvelistv5
Published
2024-02-13 18:02
Modified
2024-12-31 18:51
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft Office LTSC 2021 Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Excel 2016 Version: 16.0.0.0   < 16.0.5435.1000
Microsoft Microsoft Office 2016 Version: 16.0.0   < 16.0.5435.1001
Microsoft Microsoft PowerPoint 2016 Version: 16.0.0   < 16.0.5435.1000
Microsoft Microsoft Visio 2016 Version: 16.0.1   < 16.0.5435.1000
Microsoft Microsoft Word 2016 Version: 16.0.1   < 16.0.5435.1000
Microsoft Microsoft Publisher 2016 Version: 16.0.0   < 16.0.5435.1000
Microsoft Skype for Business 2016 Version: 0   < 16.0.5435.1000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.338Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Excel 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5435.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5435.1001",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft PowerPoint 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5435.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5435.1000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Word 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5435.1000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Publisher 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5435.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Skype for Business 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5435.1000",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5435.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5435.1001",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5435.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5435.1000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5435.1000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:publisher:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5435.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:skype_for_business:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5435.1000",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-02-13T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-31T18:51:30.410Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673"
        }
      ],
      "title": "Microsoft Office Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20673",
    "datePublished": "2024-02-13T18:02:25.889Z",
    "dateReserved": "2023-11-28T22:58:12.117Z",
    "dateUpdated": "2024-12-31T18:51:30.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2503
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
Summary
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          },
          {
            "name": "oval:org.mitre.oval:def:6491",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        },
        {
          "name": "oval:org.mitre.oval:def:6491",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2503",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            },
            {
              "name": "oval:org.mitre.oval:def:6491",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2503",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-21736
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-01-01 00:35
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21736vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Office LTSC 2021 Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < 15.0.5519.1000
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < 15.0.5519.1000
Microsoft Microsoft Visio 2016 Version: 16.0.1   < 16.0.5378.1000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:49.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21736"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5519.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5519.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5378.1000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5519.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5519.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5378.1000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-01-10T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-681",
              "description": "CWE-681: Incorrect Conversion between Numeric Types",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:35:53.734Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21736"
        }
      ],
      "title": "Microsoft Office Visio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21736",
    "datePublished": "2023-01-10T00:00:00",
    "dateReserved": "2022-12-13T00:00:00",
    "dateUpdated": "2025-01-01T00:35:53.734Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1979
Vulnerability from cvelistv5
Published
2011-08-10 21:16
Modified
2024-08-06 22:46
Severity ?
Summary
Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12659vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060vendor-advisory, x_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA11-221A.htmlthird-party-advisory, x_refsource_CERT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:12659",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12659"
          },
          {
            "name": "MS11-060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060"
          },
          {
            "name": "TA11-221A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Move Around the Block RCE Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:12659",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12659"
        },
        {
          "name": "MS11-060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060"
        },
        {
          "name": "TA11-221A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1979",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Move Around the Block RCE Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:12659",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12659"
            },
            {
              "name": "MS11-060",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060"
            },
            {
              "name": "TA11-221A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-1979",
    "datePublished": "2011-08-10T21:16:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-3015
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 09:21
Severity ?
Summary
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
References
http://secunia.com/advisories/32154third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1020838vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=122235754013992&w=2vendor-advisory, x_refsource_HP
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052vendor-advisory, x_refsource_MS
http://www.securityfocus.com/archive/1/496153/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/2696vdb-entry, x_refsource_VUPEN
http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txtx_refsource_MISC
https://www.exploit-db.com/exploits/6716exploit, x_refsource_EXPLOIT-DB
http://www.zerodayinitiative.com/advisories/ZDI-08-055x_refsource_MISC
http://marc.info/?l=bugtraq&m=122235754013992&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/31022vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881vdb-entry, signature, x_refsource_OVAL
http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txtx_refsource_MISC
https://www.exploit-db.com/exploits/6619exploit, x_refsource_EXPLOIT-DB
http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlthird-party-advisory, x_refsource_CERT
http://www.vupen.com/english/advisories/2008/2520vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:34.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32154"
          },
          {
            "name": "1020838",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020838"
          },
          {
            "name": "HPSBST02372",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "MS08-052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
          },
          {
            "name": "20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
          },
          {
            "name": "ADV-2008-2696",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2696"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
          },
          {
            "name": "6716",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6716"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
          },
          {
            "name": "SSRT080133",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "31022",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31022"
          },
          {
            "name": "oval:org.mitre.oval:def:5881",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
          },
          {
            "name": "6619",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6619"
          },
          {
            "name": "TA08-253A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
          },
          {
            "name": "ADV-2008-2520",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka \"GDI+ BMP Integer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "32154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32154"
        },
        {
          "name": "1020838",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020838"
        },
        {
          "name": "HPSBST02372",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "MS08-052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
        },
        {
          "name": "20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
        },
        {
          "name": "ADV-2008-2696",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2696"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
        },
        {
          "name": "6716",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6716"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
        },
        {
          "name": "SSRT080133",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "31022",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31022"
        },
        {
          "name": "oval:org.mitre.oval:def:5881",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
        },
        {
          "name": "6619",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6619"
        },
        {
          "name": "TA08-253A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
        },
        {
          "name": "ADV-2008-2520",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2520"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-3015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka \"GDI+ BMP Integer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32154",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "1020838",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020838"
            },
            {
              "name": "HPSBST02372",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
            },
            {
              "name": "ADV-2008-2696",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt",
              "refsource": "MISC",
              "url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
            },
            {
              "name": "6716",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6716"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-055",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
            },
            {
              "name": "SSRT080133",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "31022",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31022"
            },
            {
              "name": "oval:org.mitre.oval:def:5881",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
            },
            {
              "name": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt",
              "refsource": "MISC",
              "url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
            },
            {
              "name": "6619",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6619"
            },
            {
              "name": "TA08-253A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-3015",
    "datePublished": "2008-09-10T15:00:00",
    "dateReserved": "2008-07-07T00:00:00",
    "dateUpdated": "2024-08-07T09:21:34.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-1888
Vulnerability from cvelistv5
Published
2012-08-15 01:00
Modified
2024-08-06 19:17
Severity ?
Summary
Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-059vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15811vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA12-227A.htmlthird-party-advisory, x_refsource_CERT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:17:26.833Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS12-059",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-059"
          },
          {
            "name": "oval:org.mitre.oval:def:15811",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15811"
          },
          {
            "name": "TA12-227A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka \"Visio DXF File Format Buffer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS12-059",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-059"
        },
        {
          "name": "oval:org.mitre.oval:def:15811",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15811"
        },
        {
          "name": "TA12-227A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-1888",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka \"Visio DXF File Format Buffer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS12-059",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-059"
            },
            {
              "name": "oval:org.mitre.oval:def:15811",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15811"
            },
            {
              "name": "TA12-227A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2012-1888",
    "datePublished": "2012-08-15T01:00:00",
    "dateReserved": "2012-03-22T00:00:00",
    "dateUpdated": "2024-08-06T19:17:26.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1972
Vulnerability from cvelistv5
Published
2011-08-10 21:16
Modified
2024-08-06 22:46
Severity ?
Summary
Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA11-221A.htmlthird-party-advisory, x_refsource_CERT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS11-060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060"
          },
          {
            "name": "oval:org.mitre.oval:def:12852",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852"
          },
          {
            "name": "TA11-221A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka \"pStream Release RCE Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS11-060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060"
        },
        {
          "name": "oval:org.mitre.oval:def:12852",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852"
        },
        {
          "name": "TA11-221A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1972",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka \"pStream Release RCE Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS11-060",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060"
            },
            {
              "name": "oval:org.mitre.oval:def:12852",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852"
            },
            {
              "name": "TA11-221A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-1972",
    "datePublished": "2011-08-10T21:16:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-0671
Vulnerability from cvelistv5
Published
2007-02-03 01:00
Modified
2024-08-07 12:26
Severity ?
Summary
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
References
http://www.vupen.com/english/advisories/2007/0463vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301vdb-entry, signature, x_refsource_OVAL
http://osvdb.org/31901vdb-entry, x_refsource_OSVDB
http://www.microsoft.com/technet/security/advisory/932553.mspxx_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/613740third-party-advisory, x_refsource_CERT-VN
http://securitytracker.com/id?1017584vdb-entry, x_refsource_SECTRACK
http://www.avertlabs.com/research/blog/?p=191x_refsource_MISC
http://secunia.com/advisories/24008third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015vendor-advisory, x_refsource_MS
https://exchange.xforce.ibmcloud.com/vulnerabilities/32178vdb-entry, x_refsource_XF
http://vil.nai.com/vil/content/v_141393.htmx_refsource_MISC
http://www.securityfocus.com/bid/22383vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:26:54.332Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-0463",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0463"
          },
          {
            "name": "oval:org.mitre.oval:def:301",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
          },
          {
            "name": "31901",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/31901"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
          },
          {
            "name": "VU#613740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/613740"
          },
          {
            "name": "1017584",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017584"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.avertlabs.com/research/blog/?p=191"
          },
          {
            "name": "24008",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24008"
          },
          {
            "name": "TA07-044A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
          },
          {
            "name": "MS07-015",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
          },
          {
            "name": "office-unspecified-code-execution(32178)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://vil.nai.com/vil/content/v_141393.htm"
          },
          {
            "name": "22383",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22383"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2007-0463",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0463"
        },
        {
          "name": "oval:org.mitre.oval:def:301",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
        },
        {
          "name": "31901",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/31901"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
        },
        {
          "name": "VU#613740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/613740"
        },
        {
          "name": "1017584",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017584"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.avertlabs.com/research/blog/?p=191"
        },
        {
          "name": "24008",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24008"
        },
        {
          "name": "TA07-044A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
        },
        {
          "name": "MS07-015",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
        },
        {
          "name": "office-unspecified-code-execution(32178)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://vil.nai.com/vil/content/v_141393.htm"
        },
        {
          "name": "22383",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22383"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0671",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-0463",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0463"
            },
            {
              "name": "oval:org.mitre.oval:def:301",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
            },
            {
              "name": "31901",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/31901"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/932553.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
            },
            {
              "name": "VU#613740",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/613740"
            },
            {
              "name": "1017584",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017584"
            },
            {
              "name": "http://www.avertlabs.com/research/blog/?p=191",
              "refsource": "MISC",
              "url": "http://www.avertlabs.com/research/blog/?p=191"
            },
            {
              "name": "24008",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24008"
            },
            {
              "name": "TA07-044A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
            },
            {
              "name": "MS07-015",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
            },
            {
              "name": "office-unspecified-code-execution(32178)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
            },
            {
              "name": "http://vil.nai.com/vil/content/v_141393.htm",
              "refsource": "MISC",
              "url": "http://vil.nai.com/vil/content/v_141393.htm"
            },
            {
              "name": "22383",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22383"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-0671",
    "datePublished": "2007-02-03T01:00:00",
    "dateReserved": "2007-02-02T00:00:00",
    "dateUpdated": "2024-08-07T12:26:54.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3864
Vulnerability from cvelistv5
Published
2006-10-10 22:00
Modified
2024-08-07 18:48
Severity ?
Summary
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/archive/1/449179/100/0/threadedvendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2006/3981vdb-entry, x_refsource_VUPEN
http://www.osvdb.org/29429vdb-entry, x_refsource_OSVDB
http://www.kb.cert.org/vuls/id/176556third-party-advisory, x_refsource_CERT-VN
http://secway.org/advisory/AD20061010.txtx_refsource_MISC
http://www.securityfocus.com/bid/20384vdb-entry, x_refsource_BID
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062vendor-advisory, x_refsource_MS
http://securitytracker.com/id?1017034vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/449179/100/0/threadedvendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/448268/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/22339third-party-advisory, x_refsource_SECUNIA
http://support.microsoft.com/kb/922581vendor-advisory, x_refsource_MSKB
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:632",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632"
          },
          {
            "name": "SSRT061264",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
          },
          {
            "name": "ADV-2006-3981",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3981"
          },
          {
            "name": "29429",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29429"
          },
          {
            "name": "VU#176556",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/176556"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secway.org/advisory/AD20061010.txt"
          },
          {
            "name": "20384",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20384"
          },
          {
            "name": "MS06-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
          },
          {
            "name": "1017034",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017034"
          },
          {
            "name": "HPSBST02161",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
          },
          {
            "name": "20061011 Microsoft Office Malformed Record Memory Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/448268/100/0/threaded"
          },
          {
            "name": "22339",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22339"
          },
          {
            "name": "922581",
            "tags": [
              "vendor-advisory",
              "x_refsource_MSKB",
              "x_transferred"
            ],
            "url": "http://support.microsoft.com/kb/922581"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an \"array boundary condition\" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:632",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632"
        },
        {
          "name": "SSRT061264",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
        },
        {
          "name": "ADV-2006-3981",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3981"
        },
        {
          "name": "29429",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29429"
        },
        {
          "name": "VU#176556",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/176556"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secway.org/advisory/AD20061010.txt"
        },
        {
          "name": "20384",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20384"
        },
        {
          "name": "MS06-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
        },
        {
          "name": "1017034",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017034"
        },
        {
          "name": "HPSBST02161",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
        },
        {
          "name": "20061011 Microsoft Office Malformed Record Memory Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/448268/100/0/threaded"
        },
        {
          "name": "22339",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22339"
        },
        {
          "name": "922581",
          "tags": [
            "vendor-advisory",
            "x_refsource_MSKB"
          ],
          "url": "http://support.microsoft.com/kb/922581"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-3864",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an \"array boundary condition\" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:632",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632"
            },
            {
              "name": "SSRT061264",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
            },
            {
              "name": "ADV-2006-3981",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3981"
            },
            {
              "name": "29429",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/29429"
            },
            {
              "name": "VU#176556",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/176556"
            },
            {
              "name": "http://secway.org/advisory/AD20061010.txt",
              "refsource": "MISC",
              "url": "http://secway.org/advisory/AD20061010.txt"
            },
            {
              "name": "20384",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20384"
            },
            {
              "name": "MS06-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
            },
            {
              "name": "1017034",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017034"
            },
            {
              "name": "HPSBST02161",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
            },
            {
              "name": "20061011 Microsoft Office Malformed Record Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/448268/100/0/threaded"
            },
            {
              "name": "22339",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22339"
            },
            {
              "name": "922581",
              "refsource": "MSKB",
              "url": "http://support.microsoft.com/kb/922581"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-3864",
    "datePublished": "2006-10-10T22:00:00",
    "dateReserved": "2006-07-26T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2502
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-10-21 16:34
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          },
          {
            "name": "oval:org.mitre.oval:def:5898",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2009-2502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-11T16:41:52.863250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T16:34:33.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        },
        {
          "name": "oval:org.mitre.oval:def:5898",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2502",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            },
            {
              "name": "oval:org.mitre.oval:def:5898",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2502",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-10-21T16:34:33.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1301
Vulnerability from cvelistv5
Published
2013-05-15 01:00
Modified
2024-08-06 14:57
Severity ?
Summary
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
References
http://www.us-cert.gov/ncas/alerts/TA13-134Athird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:05.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA13-134A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
          },
          {
            "name": "oval:org.mitre.oval:def:16750",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750"
          },
          {
            "name": "MS13-044",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka \"XML External Entities Resolution Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA13-134A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
        },
        {
          "name": "oval:org.mitre.oval:def:16750",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750"
        },
        {
          "name": "MS13-044",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2013-1301",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka \"XML External Entities Resolution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA13-134A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
            },
            {
              "name": "oval:org.mitre.oval:def:16750",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750"
            },
            {
              "name": "MS13-044",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2013-1301",
    "datePublished": "2013-05-15T01:00:00",
    "dateReserved": "2013-01-12T00:00:00",
    "dateUpdated": "2024-08-06T14:57:05.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0095
Vulnerability from cvelistv5
Published
2009-02-10 22:13
Modified
2024-08-07 04:24
Severity ?
Summary
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
References
http://www.vupen.com/english/advisories/2009/0391vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005vendor-advisory, x_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA09-041A.htmlthird-party-advisory, x_refsource_CERT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-0391",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0391"
          },
          {
            "name": "oval:org.mitre.oval:def:6179",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179"
          },
          {
            "name": "MS09-005",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
          },
          {
            "name": "TA09-041A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Memory Validation Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2009-0391",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0391"
        },
        {
          "name": "oval:org.mitre.oval:def:6179",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179"
        },
        {
          "name": "MS09-005",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
        },
        {
          "name": "TA09-041A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Memory Validation Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-0391",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0391"
            },
            {
              "name": "oval:org.mitre.oval:def:6179",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179"
            },
            {
              "name": "MS09-005",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
            },
            {
              "name": "TA09-041A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0095",
    "datePublished": "2009-02-10T22:13:00",
    "dateReserved": "2009-01-08T00:00:00",
    "dateUpdated": "2024-08-07T04:24:18.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-0093
Vulnerability from cvelistv5
Published
2011-02-10 15:00
Modified
2024-08-06 21:43
Severity ?
Summary
ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
References
http://osvdb.org/70829vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2011/0321vdb-entry, x_refsource_VUPEN
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008vendor-advisory, x_refsource_MS
https://exchange.xforce.ibmcloud.com/vulnerabilities/64924vdb-entry, x_refsource_XF
http://www.securitytracker.com/id?1025043vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/46138vdb-entry, x_refsource_BID
http://secunia.com/advisories/43254third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:43:14.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "70829",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70829"
          },
          {
            "name": "ADV-2011-0321",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0321"
          },
          {
            "name": "MS11-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008"
          },
          {
            "name": "ms-visio-data-code-execution(64924)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64924"
          },
          {
            "name": "1025043",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025043"
          },
          {
            "name": "46138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46138"
          },
          {
            "name": "43254",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43254"
          },
          {
            "name": "oval:org.mitre.oval:def:12469",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka \"Visio Data Type Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "70829",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70829"
        },
        {
          "name": "ADV-2011-0321",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0321"
        },
        {
          "name": "MS11-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008"
        },
        {
          "name": "ms-visio-data-code-execution(64924)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64924"
        },
        {
          "name": "1025043",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025043"
        },
        {
          "name": "46138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46138"
        },
        {
          "name": "43254",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43254"
        },
        {
          "name": "oval:org.mitre.oval:def:12469",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-0093",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka \"Visio Data Type Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "70829",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70829"
            },
            {
              "name": "ADV-2011-0321",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0321"
            },
            {
              "name": "MS11-008",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008"
            },
            {
              "name": "ms-visio-data-code-execution(64924)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64924"
            },
            {
              "name": "1025043",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025043"
            },
            {
              "name": "46138",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46138"
            },
            {
              "name": "43254",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43254"
            },
            {
              "name": "oval:org.mitre.oval:def:12469",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-0093",
    "datePublished": "2011-02-10T15:00:00",
    "dateReserved": "2010-12-21T00:00:00",
    "dateUpdated": "2024-08-06T21:43:14.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0848
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-08 00:31
Severity ?
Summary
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
References
http://www.kb.cert.org/vuls/id/416001third-party-advisory, x_refsource_CERT-VN
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA05-039A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022vdb-entry, signature, x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/19107vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:47.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#416001",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/416001"
          },
          {
            "name": "MS05-005",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005"
          },
          {
            "name": "oval:org.mitre.oval:def:2738",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738"
          },
          {
            "name": "oval:org.mitre.oval:def:2348",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348"
          },
          {
            "name": "TA05-039A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:4022",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022"
          },
          {
            "name": "ms-url-bo(19107)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19107"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) \"%00 (null byte) in .doc filenames or (2) \"%0a\" (carriage return) in .rtf filenames."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#416001",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/416001"
        },
        {
          "name": "MS05-005",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005"
        },
        {
          "name": "oval:org.mitre.oval:def:2738",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738"
        },
        {
          "name": "oval:org.mitre.oval:def:2348",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348"
        },
        {
          "name": "TA05-039A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:4022",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022"
        },
        {
          "name": "ms-url-bo(19107)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19107"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0848",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) \"%00 (null byte) in .doc filenames or (2) \"%0a\" (carriage return) in .rtf filenames."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#416001",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/416001"
            },
            {
              "name": "MS05-005",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005"
            },
            {
              "name": "oval:org.mitre.oval:def:2738",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738"
            },
            {
              "name": "oval:org.mitre.oval:def:2348",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348"
            },
            {
              "name": "TA05-039A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:4022",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022"
            },
            {
              "name": "ms-url-bo(19107)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19107"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0848",
    "datePublished": "2005-02-08T05:00:00",
    "dateReserved": "2004-09-08T00:00:00",
    "dateUpdated": "2024-08-08T00:31:47.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0012
Vulnerability from cvelistv5
Published
2016-01-13 02:00
Modified
2024-08-05 22:08
Severity ?
Summary
Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass."
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004vendor-advisory, x_refsource_MS
http://www.securitytracker.com/id/1034651vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:08:11.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS16-004",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
          },
          {
            "name": "1034651",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034651"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"Microsoft Office ASLR Bypass.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS16-004",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
        },
        {
          "name": "1034651",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034651"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-0012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"Microsoft Office ASLR Bypass.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS16-004",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
            },
            {
              "name": "1034651",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034651"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2016-0012",
    "datePublished": "2016-01-13T02:00:00",
    "dateReserved": "2015-12-04T00:00:00",
    "dateUpdated": "2024-08-05T22:08:11.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2504
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
Summary
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6282",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6282",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6282",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2504",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-38016
Vulnerability from cvelistv5
Published
2024-09-19 17:09
Modified
2024-12-31 23:03
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38016vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Office 2019 Version: 19.0.0   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Visio 2016 Version: 16.0.1   < 16.0.5465.1001
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38016",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T17:43:02.481800Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T17:45:46.902Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5465.1001",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5465.1001",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-09-19T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-31T23:03:27.978Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38016"
        }
      ],
      "title": "Microsoft Office Visio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-38016",
    "datePublished": "2024-09-19T17:09:59.949Z",
    "dateReserved": "2024-06-11T18:18:00.678Z",
    "dateUpdated": "2024-12-31T23:03:27.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-2423
Vulnerability from cvelistv5
Published
2015-08-15 00:00
Modified
2024-08-06 05:17
Severity ?
Summary
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability."
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081vendor-advisory, x_refsource_MS
http://www.securitytracker.com/id/1033237vdb-entry, x_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088vendor-advisory, x_refsource_MS
http://www.securitytracker.com/id/1033248vdb-entry, x_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079vendor-advisory, x_refsource_MS
http://www.securitytracker.com/id/1033239vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:17:26.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS15-081",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
          },
          {
            "name": "1033237",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033237"
          },
          {
            "name": "MS15-088",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088"
          },
          {
            "name": "1033248",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033248"
          },
          {
            "name": "MS15-079",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079"
          },
          {
            "name": "1033239",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Unsafe Command Line Parameter Passing Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS15-081",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
        },
        {
          "name": "1033237",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033237"
        },
        {
          "name": "MS15-088",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088"
        },
        {
          "name": "1033248",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033248"
        },
        {
          "name": "MS15-079",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079"
        },
        {
          "name": "1033239",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-2423",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Unsafe Command Line Parameter Passing Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS15-081",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
            },
            {
              "name": "1033237",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033237"
            },
            {
              "name": "MS15-088",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088"
            },
            {
              "name": "1033248",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033248"
            },
            {
              "name": "MS15-079",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079"
            },
            {
              "name": "1033239",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-2423",
    "datePublished": "2015-08-15T00:00:00",
    "dateReserved": "2015-03-19T00:00:00",
    "dateUpdated": "2024-08-06T05:17:26.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0254
Vulnerability from cvelistv5
Published
2010-04-14 15:44
Modified
2024-08-07 00:45
Severity ?
Summary
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028vendor-advisory, x_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlthird-party-advisory, x_refsource_CERT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:11.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6819",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819"
          },
          {
            "name": "MS10-028",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028"
          },
          {
            "name": "TA10-103A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Visio Attribute Validation Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6819",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819"
        },
        {
          "name": "MS10-028",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028"
        },
        {
          "name": "TA10-103A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-0254",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Visio Attribute Validation Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6819",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819"
            },
            {
              "name": "MS10-028",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028"
            },
            {
              "name": "TA10-103A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-0254",
    "datePublished": "2010-04-14T15:44:00",
    "dateReserved": "2010-01-07T00:00:00",
    "dateUpdated": "2024-08-07T00:45:11.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5348
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 15:24
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
References
http://secunia.com/advisories/32154third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=122235754013992&w=2vendor-advisory, x_refsource_HP
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052vendor-advisory, x_refsource_MS
http://www.vupen.com/english/advisories/2008/2696vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1020834vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=122235754013992&w=2vendor-advisory, x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055vdb-entry, signature, x_refsource_OVAL
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743third-party-advisory, x_refsource_IDEFENSE
http://www.securityfocus.com/bid/31018vdb-entry, x_refsource_BID
http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlthird-party-advisory, x_refsource_CERT
http://www.vupen.com/english/advisories/2008/2520vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:24:42.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32154"
          },
          {
            "name": "HPSBST02372",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "MS08-052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
          },
          {
            "name": "ADV-2008-2696",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2696"
          },
          {
            "name": "1020834",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020834"
          },
          {
            "name": "SSRT080133",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:6055",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
          },
          {
            "name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
          },
          {
            "name": "31018",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31018"
          },
          {
            "name": "TA08-253A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
          },
          {
            "name": "ADV-2008-2520",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "32154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32154"
        },
        {
          "name": "HPSBST02372",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "MS08-052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
        },
        {
          "name": "ADV-2008-2696",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2696"
        },
        {
          "name": "1020834",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020834"
        },
        {
          "name": "SSRT080133",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:6055",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
        },
        {
          "name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
        },
        {
          "name": "31018",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31018"
        },
        {
          "name": "TA08-253A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
        },
        {
          "name": "ADV-2008-2520",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2520"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-5348",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32154",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "HPSBST02372",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "ADV-2008-2696",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "1020834",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020834"
            },
            {
              "name": "SSRT080133",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:6055",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
            },
            {
              "name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
            },
            {
              "name": "31018",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31018"
            },
            {
              "name": "TA08-253A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-5348",
    "datePublished": "2008-09-10T15:00:00",
    "dateReserved": "2007-10-10T00:00:00",
    "dateUpdated": "2024-08-07T15:24:42.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-38010
Vulnerability from cvelistv5
Published
2022-09-13 18:42
Modified
2025-01-02 19:40
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Office LTSC 2021 Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < 15.0.5485.1001
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < 15.0.5485.1001
Microsoft Microsoft Visio 2016 Version: 16.0.1   < 16.0.5361.1002
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:37:42.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5485.1001",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5485.1001",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5361.1002",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5485.1001",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5485.1001",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5361.1002",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2022-09-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T19:40:38.064Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010"
        }
      ],
      "title": "Microsoft Office Visio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-38010",
    "datePublished": "2022-09-13T18:42:19",
    "dateReserved": "2022-08-08T00:00:00",
    "dateUpdated": "2025-01-02T19:40:38.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-27055
Vulnerability from cvelistv5
Published
2021-03-11 15:48
Modified
2024-08-03 20:40
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < publication
    cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*
Microsoft Microsoft Visio 2016 Version: 16.0.1   < publication
    cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*
Microsoft Microsoft Visio 2010 Service Pack 2 Version: 13.0.0.0   < publication
    cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*
Microsoft Microsoft Office 2019 Version: 19.0.0   < https://aka.ms/OfficeSecurityReleases
    cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
    cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1 ",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2010 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "13.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
          ],
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-03-09T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Visio Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:09:24.582Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055"
        }
      ],
      "title": "Microsoft Visio Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-27055",
    "datePublished": "2021-03-11T15:48:18",
    "dateReserved": "2021-02-10T00:00:00",
    "dateUpdated": "2024-08-03T20:40:47.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-0934
Vulnerability from cvelistv5
Published
2007-06-12 19:00
Modified
2024-08-07 12:34
Severity ?
Summary
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/25619third-party-advisory, x_refsource_SECUNIA
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030vendor-advisory, x_refsource_MS
http://www.securityfocus.com/archive/1/471947/100/0/threadedvendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2007/2150vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/34607vdb-entry, x_refsource_XF
http://www.securitytracker.com/id?1018227vdb-entry, x_refsource_SECTRACK
http://www.us-cert.gov/cas/techalerts/TA07-163A.htmlthird-party-advisory, x_refsource_CERT
http://www.securityfocus.com/bid/24349vdb-entry, x_refsource_BID
http://osvdb.org/35342vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/471947/100/0/threadedvendor-advisory, x_refsource_HP
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:34:21.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:1925",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925"
          },
          {
            "name": "25619",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25619"
          },
          {
            "name": "MS07-030",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030"
          },
          {
            "name": "SSRT071438",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "ADV-2007-2150",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2150"
          },
          {
            "name": "visio-version-code-execution(34607)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34607"
          },
          {
            "name": "1018227",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018227"
          },
          {
            "name": "TA07-163A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "24349",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24349"
          },
          {
            "name": "35342",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35342"
          },
          {
            "name": "HPSBST02231",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:1925",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925"
        },
        {
          "name": "25619",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25619"
        },
        {
          "name": "MS07-030",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030"
        },
        {
          "name": "SSRT071438",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        },
        {
          "name": "ADV-2007-2150",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2150"
        },
        {
          "name": "visio-version-code-execution(34607)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34607"
        },
        {
          "name": "1018227",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018227"
        },
        {
          "name": "TA07-163A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
        },
        {
          "name": "24349",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24349"
        },
        {
          "name": "35342",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35342"
        },
        {
          "name": "HPSBST02231",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0934",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:1925",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925"
            },
            {
              "name": "25619",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25619"
            },
            {
              "name": "MS07-030",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "ADV-2007-2150",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2150"
            },
            {
              "name": "visio-version-code-execution(34607)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34607"
            },
            {
              "name": "1018227",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018227"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "24349",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24349"
            },
            {
              "name": "35342",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35342"
            },
            {
              "name": "HPSBST02231",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-0934",
    "datePublished": "2007-06-12T19:00:00",
    "dateReserved": "2007-02-14T00:00:00",
    "dateUpdated": "2024-08-07T12:34:21.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2127
Vulnerability from cvelistv5
Published
2005-08-19 04:00
Modified
2024-08-07 22:15
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
References
http://www.kb.cert.org/vuls/id/959049third-party-advisory, x_refsource_CERT-VN
http://isc.sans.org/diary.php?date=2005-08-18x_refsource_MISC
http://www.securityfocus.com/archive/1/470690/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/72third-party-advisory, x_refsource_SREASON
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdfx_refsource_CONFIRM
http://www.us-cert.gov/cas/techalerts/TA05-347A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052vendor-advisory, x_refsource_MS
http://www.securityfocus.com/bid/15061vdb-entry, x_refsource_BID
http://secunia.com/advisories/17223third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/16480third-party-advisory, x_refsource_SECUNIA
http://www.microsoft.com/technet/security/advisory/906267.mspxx_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/34754vdb-entry, x_refsource_XF
http://secunia.com/advisories/17172third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538vdb-entry, signature, x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/21895vdb-entry, x_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/14594vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/17509third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA06-220A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464vdb-entry, signature, x_refsource_OVAL
http://www.kb.cert.org/vuls/id/740372third-party-advisory, x_refsource_CERT-VN
http://www.kb.cert.org/vuls/id/898241third-party-advisory, x_refsource_CERT-VN
http://securitytracker.com/id?1014727vdb-entry, x_refsource_SECTRACK
http://www.us-cert.gov/cas/techalerts/TA05-284A.htmlthird-party-advisory, x_refsource_CERT
http://www.vupen.com/english/advisories/2005/1450vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:15:37.364Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#959049",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/959049"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.php?date=2005-08-18"
          },
          {
            "name": "20070606 IE 6/Microsoft Html Popup Window (mshtml.dll) DoS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/470690/100/0/threaded"
          },
          {
            "name": "72",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/72"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
          },
          {
            "name": "TA05-347A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html"
          },
          {
            "name": "MS05-052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052"
          },
          {
            "name": "15061",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15061"
          },
          {
            "name": "17223",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17223"
          },
          {
            "name": "oval:org.mitre.oval:def:1454",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454"
          },
          {
            "name": "16480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16480"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/906267.mspx"
          },
          {
            "name": "microsoft-ie-mshtml-dos(34754)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34754"
          },
          {
            "name": "17172",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17172"
          },
          {
            "name": "oval:org.mitre.oval:def:1538",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538"
          },
          {
            "name": "Win-msdss-command-execution(21895)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21895"
          },
          {
            "name": "oval:org.mitre.oval:def:1535",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535"
          },
          {
            "name": "14594",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14594"
          },
          {
            "name": "oval:org.mitre.oval:def:1468",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468"
          },
          {
            "name": "17509",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17509"
          },
          {
            "name": "TA06-220A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:1464",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464"
          },
          {
            "name": "VU#740372",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/740372"
          },
          {
            "name": "VU#898241",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/898241"
          },
          {
            "name": "1014727",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1014727"
          },
          {
            "name": "TA05-284A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA05-284A.html"
          },
          {
            "name": "ADV-2005-1450",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/1450"
          },
          {
            "name": "oval:org.mitre.oval:def:1155",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the \"COM Object Instantiation Memory Corruption vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "VU#959049",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/959049"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.php?date=2005-08-18"
        },
        {
          "name": "20070606 IE 6/Microsoft Html Popup Window (mshtml.dll) DoS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/470690/100/0/threaded"
        },
        {
          "name": "72",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/72"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
        },
        {
          "name": "TA05-347A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html"
        },
        {
          "name": "MS05-052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052"
        },
        {
          "name": "15061",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15061"
        },
        {
          "name": "17223",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17223"
        },
        {
          "name": "oval:org.mitre.oval:def:1454",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454"
        },
        {
          "name": "16480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16480"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/906267.mspx"
        },
        {
          "name": "microsoft-ie-mshtml-dos(34754)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34754"
        },
        {
          "name": "17172",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17172"
        },
        {
          "name": "oval:org.mitre.oval:def:1538",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538"
        },
        {
          "name": "Win-msdss-command-execution(21895)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21895"
        },
        {
          "name": "oval:org.mitre.oval:def:1535",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535"
        },
        {
          "name": "14594",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14594"
        },
        {
          "name": "oval:org.mitre.oval:def:1468",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468"
        },
        {
          "name": "17509",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17509"
        },
        {
          "name": "TA06-220A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:1464",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464"
        },
        {
          "name": "VU#740372",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/740372"
        },
        {
          "name": "VU#898241",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/898241"
        },
        {
          "name": "1014727",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1014727"
        },
        {
          "name": "TA05-284A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA05-284A.html"
        },
        {
          "name": "ADV-2005-1450",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/1450"
        },
        {
          "name": "oval:org.mitre.oval:def:1155",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2005-2127",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the \"COM Object Instantiation Memory Corruption vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#959049",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/959049"
            },
            {
              "name": "http://isc.sans.org/diary.php?date=2005-08-18",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.php?date=2005-08-18"
            },
            {
              "name": "20070606 IE 6/Microsoft Html Popup Window (mshtml.dll) DoS",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/470690/100/0/threaded"
            },
            {
              "name": "72",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/72"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
            },
            {
              "name": "TA05-347A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html"
            },
            {
              "name": "MS05-052",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052"
            },
            {
              "name": "15061",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15061"
            },
            {
              "name": "17223",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17223"
            },
            {
              "name": "oval:org.mitre.oval:def:1454",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454"
            },
            {
              "name": "16480",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16480"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/906267.mspx",
              "refsource": "MISC",
              "url": "http://www.microsoft.com/technet/security/advisory/906267.mspx"
            },
            {
              "name": "microsoft-ie-mshtml-dos(34754)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34754"
            },
            {
              "name": "17172",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17172"
            },
            {
              "name": "oval:org.mitre.oval:def:1538",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538"
            },
            {
              "name": "Win-msdss-command-execution(21895)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21895"
            },
            {
              "name": "oval:org.mitre.oval:def:1535",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535"
            },
            {
              "name": "14594",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/14594"
            },
            {
              "name": "oval:org.mitre.oval:def:1468",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468"
            },
            {
              "name": "17509",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17509"
            },
            {
              "name": "TA06-220A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1464",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464"
            },
            {
              "name": "VU#740372",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/740372"
            },
            {
              "name": "VU#898241",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/898241"
            },
            {
              "name": "1014727",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1014727"
            },
            {
              "name": "TA05-284A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-284A.html"
            },
            {
              "name": "ADV-2005-1450",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/1450"
            },
            {
              "name": "oval:org.mitre.oval:def:1155",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2005-2127",
    "datePublished": "2005-08-19T04:00:00",
    "dateReserved": "2005-07-02T00:00:00",
    "dateUpdated": "2024-08-07T22:15:37.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2500
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:5967",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:5967",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2500",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:5967",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2500",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1089
Vulnerability from cvelistv5
Published
2008-04-08 23:00
Modified
2024-08-07 08:08
Severity ?
Summary
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
References
http://www.securitytracker.com/id?1019804vdb-entry, x_refsource_SECTRACK
http://www.us-cert.gov/cas/techalerts/TA08-099A.htmlthird-party-advisory, x_refsource_CERT
http://marc.info/?l=bugtraq&m=120845064910729&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2008/1143/referencesvdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5496vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=120845064910729&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/28555vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/41451vdb-entry, x_refsource_XF
http://secunia.com/advisories/29691third-party-advisory, x_refsource_SECUNIA
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1019804",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019804"
          },
          {
            "name": "TA08-099A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
          },
          {
            "name": "SSRT080048",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
          },
          {
            "name": "ADV-2008-1143",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1143/references"
          },
          {
            "name": "oval:org.mitre.oval:def:5496",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5496"
          },
          {
            "name": "HPSBST02329",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
          },
          {
            "name": "28555",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28555"
          },
          {
            "name": "visio-object-header-code-execution(41451)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41451"
          },
          {
            "name": "29691",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29691"
          },
          {
            "name": "MS08-019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka \"Visio Object Header Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1019804",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019804"
        },
        {
          "name": "TA08-099A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
        },
        {
          "name": "SSRT080048",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
        },
        {
          "name": "ADV-2008-1143",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1143/references"
        },
        {
          "name": "oval:org.mitre.oval:def:5496",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5496"
        },
        {
          "name": "HPSBST02329",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
        },
        {
          "name": "28555",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28555"
        },
        {
          "name": "visio-object-header-code-execution(41451)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41451"
        },
        {
          "name": "29691",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29691"
        },
        {
          "name": "MS08-019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-1089",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka \"Visio Object Header Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1019804",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019804"
            },
            {
              "name": "TA08-099A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
            },
            {
              "name": "SSRT080048",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
            },
            {
              "name": "ADV-2008-1143",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1143/references"
            },
            {
              "name": "oval:org.mitre.oval:def:5496",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5496"
            },
            {
              "name": "HPSBST02329",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
            },
            {
              "name": "28555",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28555"
            },
            {
              "name": "visio-object-header-code-execution(41451)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41451"
            },
            {
              "name": "29691",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29691"
            },
            {
              "name": "MS08-019",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-1089",
    "datePublished": "2008-04-08T23:00:00",
    "dateReserved": "2008-02-28T00:00:00",
    "dateUpdated": "2024-08-07T08:08:57.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-0092
Vulnerability from cvelistv5
Published
2011-02-10 15:00
Modified
2024-08-06 21:43
Severity ?
Summary
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/64923vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2011/0321vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/516274/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008vendor-advisory, x_refsource_MS
http://www.securityfocus.com/bid/46137vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1025043vdb-entry, x_refsource_SECTRACK
http://osvdb.org/70828vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/43254third-party-advisory, x_refsource_SECUNIA
http://www.zerodayinitiative.com/advisories/ZDI-11-063/x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:43:14.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ms-visio-object-code-execution(64923)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64923"
          },
          {
            "name": "ADV-2011-0321",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0321"
          },
          {
            "name": "20110208 ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516274/100/0/threaded"
          },
          {
            "name": "MS11-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008"
          },
          {
            "name": "46137",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46137"
          },
          {
            "name": "1025043",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025043"
          },
          {
            "name": "70828",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70828"
          },
          {
            "name": "43254",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43254"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-063/"
          },
          {
            "name": "oval:org.mitre.oval:def:12403",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka \"Visio Object Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ms-visio-object-code-execution(64923)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64923"
        },
        {
          "name": "ADV-2011-0321",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0321"
        },
        {
          "name": "20110208 ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516274/100/0/threaded"
        },
        {
          "name": "MS11-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008"
        },
        {
          "name": "46137",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46137"
        },
        {
          "name": "1025043",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025043"
        },
        {
          "name": "70828",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70828"
        },
        {
          "name": "43254",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43254"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-063/"
        },
        {
          "name": "oval:org.mitre.oval:def:12403",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-0092",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka \"Visio Object Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ms-visio-object-code-execution(64923)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64923"
            },
            {
              "name": "ADV-2011-0321",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0321"
            },
            {
              "name": "20110208 ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516274/100/0/threaded"
            },
            {
              "name": "MS11-008",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008"
            },
            {
              "name": "46137",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46137"
            },
            {
              "name": "1025043",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025043"
            },
            {
              "name": "70828",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70828"
            },
            {
              "name": "43254",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43254"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-063/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-063/"
            },
            {
              "name": "oval:org.mitre.oval:def:12403",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-0092",
    "datePublished": "2011-02-10T15:00:00",
    "dateReserved": "2010-12-21T00:00:00",
    "dateUpdated": "2024-08-06T21:43:14.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2501
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
Summary
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5800",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:5800",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2501",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5800",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2501",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3148
Vulnerability from cvelistv5
Published
2010-08-27 18:10
Modified
2024-08-07 02:55
Severity ?
Summary
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055vendor-advisory, x_refsource_MS
http://www.vupen.com/english/advisories/2010/2192vdb-entry, x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA11-193A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122vdb-entry, signature, x_refsource_OVAL
http://www.exploit-db.com/exploits/14744/exploit, x_refsource_EXPLOIT-DB
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.826Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS11-055",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055"
          },
          {
            "name": "ADV-2010-2192",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2192"
          },
          {
            "name": "TA11-193A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7122",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122"
          },
          {
            "name": "14744",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/14744/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka \"Microsoft Visio Insecure Library Loading Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MS11-055",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055"
        },
        {
          "name": "ADV-2010-2192",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2192"
        },
        {
          "name": "TA11-193A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7122",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122"
        },
        {
          "name": "14744",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/14744/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3148",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka \"Microsoft Visio Insecure Library Loading Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS11-055",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055"
            },
            {
              "name": "ADV-2010-2192",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2192"
            },
            {
              "name": "TA11-193A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7122",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122"
            },
            {
              "name": "14744",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/14744/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3148",
    "datePublished": "2010-08-27T18:10:00",
    "dateReserved": "2010-08-27T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-44695
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-01-02 21:36
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Office LTSC 2021 Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < 5511.1000
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < 5511.1000
Microsoft Microsoft Visio 2016 Version: 16.0.1   < 5374.1000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:54:04.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5511.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5511.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5374.1000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "5511.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "5511.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5374.1000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2022-12-13T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T21:36:46.422Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695"
        }
      ],
      "title": "Microsoft Office Visio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-44695",
    "datePublished": "2022-12-13T00:00:00",
    "dateReserved": "2022-11-03T00:00:00",
    "dateUpdated": "2025-01-02T21:36:46.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-0760
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:11
Severity ?
Summary
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Microsoft Office Version: 2019 for 32-bit editions
Version: 2019 for 64-bit editions
Version: 2016 (32-bit edition)
Version: 2016 (64-bit edition)
Version: 2010 Service Pack 2 (32-bit editions)
Version: 2010 Service Pack 2 (64-bit editions)
Version: 2013 RT Service Pack 1
Version: 2013 Service Pack 1 (32-bit editions)
Version: 2013 Service Pack 1 (64-bit editions)
Microsoft Office 365 ProPlus Version: 32-bit Systems
Version: 64-bit Systems
Microsoft Microsoft Excel Version: 2016 (32-bit edition)
Version: 2016 (64-bit edition)
Version: 2010 Service Pack 2 (32-bit editions)
Version: 2010 Service Pack 2 (64-bit editions)
Version: 2013 RT Service Pack 1
Version: 2013 Service Pack 1 (32-bit editions)
Version: 2013 Service Pack 1 (64-bit editions)
Microsoft Microsoft PowerPoint Version: 2016 (32-bit edition)
Version: 2016 (64-bit edition)
Version: 2010 Service Pack 2 (32-bit editions)
Version: 2010 Service Pack 2 (64-bit editions)
Version: 2013 RT Service Pack 1
Version: 2013 Service Pack 1 (32-bit editions)
Version: 2013 Service Pack 1 (64-bit editions)
Microsoft Microsoft Visio Version: 2016 (32-bit edition)
Version: 2016 (64-bit edition)
Version: 2010 Service Pack 2 (32-bit editions)
Version: 2010 Service Pack 2 (64-bit editions)
Version: 2013 Service Pack 1 (64-bit editions)
Version: 2013 Service Pack 1 (32-bit editions)
Microsoft Microsoft Word Version: 2016 (32-bit edition)
Version: 2016 (64-bit edition)
Version: 2010 Service Pack 2 (32-bit editions)
Version: 2010 Service Pack 2 (64-bit editions)
Version: 2013 RT Service Pack 1
Version: 2013 Service Pack 1 (32-bit editions)
Version: 2013 Service Pack 1 (64-bit editions)
Microsoft Microsoft Publisher 2016 (32-bit edition) Version: unspecified
Microsoft Microsoft Publisher 2016 (64-bit edition) Version: unspecified
Microsoft Microsoft Access Version: 2016 (32-bit edition)
Version: 2016 (64-bit edition)
Version: 2013 Service Pack 1 (64-bit editions)
Version: 2013 Service Pack 1 (32-bit editions)
Version: 2010 Service Pack 2 (32-bit editions)
Version: 2010 Service Pack 2 (64-bit editions)
Microsoft Microsoft Outlook Version: 2016 (32-bit edition)
Version: 2016 (64-bit edition)
Version: 2013 Service Pack 1 (32-bit editions)
Version: 2013 Service Pack 1 (64-bit editions)
Version: 2013 RT Service Pack 1
Version: 2010 Service Pack 2 (64-bit editions)
Version: 2010 Service Pack 2 (32-bit editions)
Microsoft Microsoft Publisher 2013 Service Pack 1 (32-bit editions) Version: unspecified
Microsoft Microsoft Publisher 2013 Service Pack 1 (64-bit editions) Version: unspecified
Microsoft Microsoft Publisher Version: 2010 Service Pack 2 (64-bit editions)
Version: 2010 Service Pack 2 (32-bit editions)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:11:05.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Project",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            }
          ]
        },
        {
          "product": "Microsoft Office",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019 for 32-bit editions"
            },
            {
              "status": "affected",
              "version": "2019 for 64-bit editions"
            },
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 RT Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            }
          ]
        },
        {
          "product": "Office 365 ProPlus",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "32-bit Systems"
            },
            {
              "status": "affected",
              "version": "64-bit Systems"
            }
          ]
        },
        {
          "product": "Microsoft Excel",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 RT Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            }
          ]
        },
        {
          "product": "Microsoft PowerPoint",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 RT Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            }
          ]
        },
        {
          "product": "Microsoft Visio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            }
          ]
        },
        {
          "product": "Microsoft Word",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 RT Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            }
          ]
        },
        {
          "product": "Microsoft Publisher 2016 (32-bit edition)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Publisher 2016 (64-bit edition)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Access",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            }
          ]
        },
        {
          "product": "Microsoft Outlook",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 RT Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            }
          ]
        },
        {
          "product": "Microsoft Publisher 2013 Service Pack 1 (32-bit editions)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Publisher 2013 Service Pack 1 (64-bit editions)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Publisher",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka \u0027Microsoft Office Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0991."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T15:12:40",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0760",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Project",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          },
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019 for 32-bit editions"
                          },
                          {
                            "version_value": "2019 for 64-bit editions"
                          },
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 RT Service Pack 1"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Office 365 ProPlus",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "32-bit Systems"
                          },
                          {
                            "version_value": "64-bit Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Excel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 RT Service Pack 1"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft PowerPoint",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 RT Service Pack 1"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Word",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 RT Service Pack 1"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Publisher 2016 (32-bit edition)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Publisher 2016 (64-bit edition)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Access",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Outlook",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 RT Service Pack 1"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Publisher 2013 Service Pack 1 (32-bit editions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Publisher 2013 Service Pack 1 (64-bit editions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Publisher",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka \u0027Microsoft Office Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0991."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-0760",
    "datePublished": "2020-04-15T15:12:40",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:11:05.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3235
Vulnerability from cvelistv5
Published
2016-06-16 01:00
Modified
2024-08-05 23:47
Severity ?
Summary
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
References
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.htmlx_refsource_MISC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070vendor-advisory, x_refsource_MS
http://www.securityfocus.com/archive/1/538685/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securitytracker.com/id/1036093vdb-entry, x_refsource_SECTRACK
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.htmlx_refsource_MISC
http://seclists.org/fulldisclosure/2016/Jun/32mailing-list, x_refsource_FULLDISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:58.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html"
          },
          {
            "name": "MS16-070",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
          },
          {
            "name": "20160615 Microsoft Visio multiple DLL side loading vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538685/100/0/threaded"
          },
          {
            "name": "1036093",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036093"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html"
          },
          {
            "name": "20160615 Microsoft Visio multiple DLL side loading vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Jun/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Microsoft Office OLE DLL Side Loading Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html"
        },
        {
          "name": "MS16-070",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
        },
        {
          "name": "20160615 Microsoft Visio multiple DLL side loading vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538685/100/0/threaded"
        },
        {
          "name": "1036093",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036093"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html"
        },
        {
          "name": "20160615 Microsoft Visio multiple DLL side loading vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Jun/32"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-3235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Microsoft Office OLE DLL Side Loading Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html",
              "refsource": "MISC",
              "url": "https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html"
            },
            {
              "name": "MS16-070",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
            },
            {
              "name": "20160615 Microsoft Visio multiple DLL side loading vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538685/100/0/threaded"
            },
            {
              "name": "1036093",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036093"
            },
            {
              "name": "http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html"
            },
            {
              "name": "20160615 Microsoft Visio multiple DLL side loading vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Jun/32"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2016-3235",
    "datePublished": "2016-06-16T01:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:58.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-43463
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43463vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Office LTSC 2021 Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Visio 2016 Version: 16.0.1   < 16.0.5465.1001
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43463",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T18:52:38.273331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T18:53:41.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5465.1001",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5465.1001",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-09-10T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-31T23:02:56.552Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43463"
        }
      ],
      "title": "Microsoft Office Visio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-43463",
    "datePublished": "2024-09-10T16:53:49.777Z",
    "dateReserved": "2024-08-14T01:08:33.516Z",
    "dateUpdated": "2024-12-31T23:02:56.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-21741
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-01-01 00:35
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21741vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < 15.0.5519.1000
Microsoft Microsoft Visio 2013 Service Pack 1 Version: 15.0.1   < 15.0.5519.1000
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Office 2019 Version: 19.0.0   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Visio 2016 Version: 16.0.1   < 16.0.5378.1000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:49.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Visio Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21741"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5519.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Microsoft Visio 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5519.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5378.1000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5519.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5519.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5378.1000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-01-10T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Visio Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:35:55.873Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Visio Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21741"
        }
      ],
      "title": "Microsoft Office Visio Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21741",
    "datePublished": "2023-01-10T00:00:00",
    "dateReserved": "2022-12-13T00:00:00",
    "dateUpdated": "2025-01-01T00:35:55.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2004-09-28 04:00
Modified
2024-11-20 23:47
Severity ?
Summary
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109524346729948&w=2
cve@mitre.orghttp://www.kb.cert.org/vuls/id/297462US Government Resource
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA04-260A.htmlUS Government Resource
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/16304
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109524346729948&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/297462US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA04-260A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/16304
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307
Impacted products
Vendor Product Version
microsoft .net_framework 1.0
microsoft digital_image_pro 7.0
microsoft digital_image_pro 9
microsoft digital_image_suite 9
microsoft excel 2002
microsoft excel 2003
microsoft frontpage 2002
microsoft frontpage 2003
microsoft greetings 2002
microsoft infopath 2003
microsoft office 2003
microsoft office xp
microsoft onenote 2003
microsoft outlook 2002
microsoft outlook 2003
microsoft picture_it 7.0
microsoft picture_it 9
microsoft picture_it 2002
microsoft powerpoint 2002
microsoft powerpoint 2003
microsoft producer *
microsoft project 2002
microsoft project 2003
microsoft publisher 2002
microsoft publisher 2003
microsoft visio 2002
microsoft visio 2003
microsoft visual_basic 2002
microsoft visual_basic 2003
microsoft visual_c\# 2002
microsoft visual_c\# 2003
microsoft visual_c\+\+ 2002
microsoft visual_c\+\+ 2003
microsoft visual_j\#_.net 2003
microsoft visual_studio_.net 2002
microsoft visual_studio_.net 2003
microsoft word 2002
microsoft word 2003
microsoft windows_2003_server r2
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.0:sp2:sdk:*:*:*:*:*",
              "matchCriteriaId": "644D1C0E-482D-4C6D-AE9D-6B1F99306BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:digital_image_pro:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DED35E4C-1108-44AE-BA55-A008EB9864ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:digital_image_pro:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCC28680-6FA1-424A-BB8D-5E37E04D4089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:digital_image_suite:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "370835D5-D28A-4961-B1B4-72E889596D07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:greetings:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "69AFBA4D-6F42-4ED9-9DF4-4A9C29B3ED8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7EA4CC-E705-42DB-86B6-E229DA36B66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:picture_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D85EB5B-A9FE-497E-9922-6D6BDD0C6975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:picture_it:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A27F0EA6-C023-47C5-8F26-7E8A665533F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:picture_it:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "337555B3-6318-41FE-9AD7-6CEAA46F0DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:producer:*:gold:office_powerpoints:*:*:*:*:*",
              "matchCriteriaId": "999276CD-D074-4AB1-A53E-5133A3B7BFF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_basic:2002:*:.net_standard:*:*:*:*:*",
              "matchCriteriaId": "B3B633A9-519A-4179-9F10-3C2C5C9BA6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_basic:2003:*:.net_standard:*:*:*:*:*",
              "matchCriteriaId": "D6D51C0E-BFF4-46A0-A8FD-45BE591DA347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\#:2002:*:.net_standard:*:*:*:*:*",
              "matchCriteriaId": "1A1D8127-80AC-4D5B-9D1C-DA2406EF6666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\#:2003:*:.net_standard:*:*:*:*:*",
              "matchCriteriaId": "8916C0DE-2759-4F97-B7D7-0BCFDC41AB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2002:*:.net_standard:*:*:*:*:*",
              "matchCriteriaId": "F1090984-34A7-4A21-B903-3FF5E5AB7D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2003:*:.net_standard:*:*:*:*:*",
              "matchCriteriaId": "A0BED5B2-5F57-4FC8-8B51-908A311B480B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_j\\#_.net:2003:*:.net_standard:*:*:*:*:*",
              "matchCriteriaId": "CC13A32B-5F2A-42A4-95B5-D13EE78F013B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2002:gold:*:*:*:*:*:*",
              "matchCriteriaId": "E17BD019-DD35-413E-ACBA-2E77C8A1247D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*",
              "matchCriteriaId": "B9E6C132-4F4B-4FB0-9DDC-DD9750D8552D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
              "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
              "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el motor de proceso de JPEG (JPG) en GDIPlus.dll, usado en varios productos de Microsoft, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un campo de longitud JPEG COM peque\u00f1o que es normalizado a una longitud de entero grande antes de una operaci\u00f3n de copia de memoria."
    }
  ],
  "id": "CVE-2004-0200",
  "lastModified": "2024-11-20T23:47:59.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2004-09-28T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/297462"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/297462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-05-06 12:47
Modified
2024-11-21 01:14
Severity ?
Summary
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
References
cve@mitre.orghttp://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow
cve@mitre.orghttp://www.exploit-db.com/exploits/14944
cve@mitre.orghttp://www.securityfocus.com/archive/1/511121/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/39836Patch
cve@mitre.orghttp://www.securitytracker.com/id?1023938
af854a3a-2127-422b-91ae-364da2661108http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/14944
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/511121/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/39836Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023938
Impacted products
Vendor Product Version
microsoft visio 2002
microsoft visio 2003
microsoft visio 2007
microsoft visio 2007


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6C98FD6E-B9EA-4231-8127-31A8D2D25040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E822A55C-0440-4622-9284-A5DF70D49C63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00faffer basado en pila en VISIODWG.DLL anterior a v10.0.6880.4 en Microsoft Office Visio permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo DXF manipulado, una vulnerabilidad diferente de CVE-2010-0254 y CVE-2010-0256."
    }
  ],
  "id": "CVE-2010-1681",
  "lastModified": "2024-11-21T01:14:58.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-05-06T12:47:23.753",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/14944"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/511121/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/39836"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.coresecurity.com/content/ms-visio-dxf-buffer-overflow"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/14944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/511121/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/39836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023938"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-09-11 01:11
Modified
2024-11-21 00:48
Severity ?
Summary
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
References
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=122235754013992&w=2
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=122235754013992&w=2
secure@microsoft.comhttp://secunia.com/advisories/32154
secure@microsoft.comhttp://www.securityfocus.com/bid/31021
secure@microsoft.comhttp://www.securitytracker.com/id?1020837
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2520
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2696
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122235754013992&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122235754013992&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32154
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31021
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020837
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2520
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2696
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004
Impacted products
Vendor Product Version
microsoft digital_image_suite 2006
microsoft forefront_client_security 1.0
microsoft internet_explorer 6
microsoft office 2003
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_powerpoint_viewer 2003
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft server 2008
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft visio 2002
microsoft works 8.0
microsoft server 2003
microsoft server 2003
microsoft windows-nt vista
microsoft windows-nt xp
microsoft windows_vista -
microsoft windows_xp -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:digital_image_suite:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F42695-7FB7-4C43-A9A7-8A234B6E5937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:*:gold:*:*:*:*:*",
              "matchCriteriaId": "E438882E-1AAE-477E-B885-D4E95D2AE88A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5440EF5-462B-4BAC-AF60-44C5D649D0D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "033138E1-82C7-443C-89C1-23D8032674CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E84216-227B-4074-B65B-6AA399D4A8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:server:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE680C6-F940-4095-BDD5-05CBD8DA14DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:server:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4997ED74-FF5F-43AC-BA74-4DD6B96DEA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:server:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "C4AC635E-5246-4200-9EC1-81D0F2072934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:vista:*:gold:*:*:*:*:*",
              "matchCriteriaId": "85442DDD-DFB0-455D-8078-EFE49ABC60B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en gdiplus.dll en GDI+ en Microsoft Internet Explorer 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold  y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security 1.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo de imagen WMF que lanza una asignaci\u00f3n de memoria inadecuada, tambi\u00e9n conocida como \"Vulnerabilidad GDI+ WMF Buffer Overrun\"."
    }
  ],
  "id": "CVE-2008-3014",
  "lastModified": "2024-11-21T00:48:13.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-11T01:11:47.117",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/32154"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/31021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1020837"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/2520"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/2696"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-09-11 01:11
Modified
2024-11-21 00:48
Severity ?
Summary
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=122235754013992&w=2
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=122235754013992&w=2
secure@microsoft.comhttp://secunia.com/advisories/32154
secure@microsoft.comhttp://www.securityfocus.com/bid/31019
secure@microsoft.comhttp://www.securitytracker.com/id?1020835
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2520
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2696
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122235754013992&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122235754013992&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32154
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31019
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020835
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2520
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2696
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040
Impacted products
Vendor Product Version
microsoft digital_image_suite 2006
microsoft forefront_client_security 1.0
microsoft internet_explorer 6
microsoft office 2003
microsoft office 2003
microsoft office xp
microsoft office_powerpoint_viewer 2003
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft server 2008
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft visio 2002
microsoft works 8.0
microsoft office_system *
microsoft office_system *
microsoft windows 2003_server
microsoft windows 2003_server
microsoft windows-nt vista
microsoft windows-nt xp
microsoft windows_vista -
microsoft windows_xp -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:digital_image_suite:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F42695-7FB7-4C43-A9A7-8A234B6E5937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5440EF5-462B-4BAC-AF60-44C5D649D0D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "033138E1-82C7-443C-89C1-23D8032674CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E84216-227B-4074-B65B-6AA399D4A8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:server:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE680C6-F940-4095-BDD5-05CBD8DA14DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "D08AE69C-A8E4-4291-AE45-C311BA8168D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9E27318C-A079-40D4-8994-96C6809CA1FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "CFC4CDAF-F0C4-4B7D-9692-5E73C489F5A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:2003_server:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "6265A492-BDB8-4A41-A5D1-9947C8EF002E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:vista:*:gold:*:*:*:*:*",
              "matchCriteriaId": "85442DDD-DFB0-455D-8078-EFE49ABC60B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "gdiplus.dll en GDI+ de Microsoft Internet Explorer 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008 y Forefront Client Security 1.0 no realiza correctamente la asignaci\u00f3n de memoria, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo de imagen EMF mal formado, tambi\u00e9n conocido como \"GDI+ EMF Memory Corruption Vulnerability (Vulnerabilidad de Corrupci\u00f3n de Memoria GDI+EMF)\"."
    }
  ],
  "id": "CVE-2008-3012",
  "lastModified": "2024-11-21T00:48:13.687",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-11T01:11:47.087",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/32154"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/31019"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1020835"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/2520"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/2696"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2024-11-21 02:49
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.securityfocus.com/bid/92803
secure@microsoft.comhttp://www.securitytracker.com/id/1036785
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92803
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036785
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107
Impacted products
Vendor Product Version
microsoft visio 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Visio 2016 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
    }
  ],
  "id": "CVE-2016-3364",
  "lastModified": "2024-11-21T02:49:52.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-14T10:59:38.530",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/92803"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1036785"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-02-08 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
References
cve@mitre.orghttp://www.kb.cert.org/vuls/id/416001Patch, Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA05-039A.htmlPatch, Third Party Advisory, US Government Resource
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/19107
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/416001Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA05-039A.htmlPatch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/19107
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022
Impacted products
Vendor Product Version
microsoft office *
microsoft office xp
microsoft office xp
microsoft office xp
microsoft powerpoint 2002
microsoft powerpoint 2002
microsoft powerpoint 2002
microsoft powerpoint 2002
microsoft project 2002
microsoft project 2002
microsoft visio 2002
microsoft visio 2002
microsoft visio 2002
microsoft visio 2002
microsoft visio 2002
microsoft word 2002
microsoft word 2002
microsoft word 2002
microsoft word 2002
microsoft works 2002
microsoft works 2003
microsoft works 2004


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AD45BF-8A91-4C87-AF15-D38D8468A4C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5AB85A3C-EFA3-485D-84C5-7976718AEAE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9D02D769-061D-44A5-B019-F4E653DF615A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "054BA29C-3320-475D-95AE-996BAA04D464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B3DC15E7-F1C3-42D0-AE3E-DDF6300FCD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "34C63AE5-4584-4A51-B20D-36FA6DE01C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE2D3E0-49E4-410E-B63A-753BDE8995BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E24DF34-F4A8-4C28-9593-F019FE3E3BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "70D447B9-4604-447C-88FC-F5DC8F77603C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:professional:*:*:*:*:*",
              "matchCriteriaId": "E8EA76E1-B871-4B80-8991-8BB912D30246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:standard:*:*:*:*:*",
              "matchCriteriaId": "18818BE4-2ADB-49D6-8CB1-89C1E27D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "51A706AF-333A-4492-B947-A3BA2556F4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4B90E94C-839A-40B9-A408-6B396EB26102",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "F02894C4-57A7-45FE-B9D2-1A0EE3ABA455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "17037BD9-742D-42E2-98CC-C764E6F71957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B77363A-53A3-4CFC-87E0-B7D33445ACEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98B6FDD-E9AA-49A4-8D9C-422DF5520A66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) \"%00 (null byte) in .doc filenames or (2) \"%0a\" (carriage return) in .rtf filenames."
    }
  ],
  "id": "CVE-2004-0848",
  "lastModified": "2024-11-20T23:49:33.777",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-02-08T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/416001"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19107"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/416001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-09-11 01:11
Modified
2024-11-21 00:48
Severity ?
Summary
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
References
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=122235754013992&w=2
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=122235754013992&w=2
secure@microsoft.comhttp://secunia.com/advisories/32154Vendor Advisory
secure@microsoft.comhttp://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt
secure@microsoft.comhttp://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt
secure@microsoft.comhttp://www.securityfocus.com/archive/1/496153/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/31022
secure@microsoft.comhttp://www.securitytracker.com/id?1020838
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2520Vendor Advisory
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2696Vendor Advisory
secure@microsoft.comhttp://www.zerodayinitiative.com/advisories/ZDI-08-055
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881
secure@microsoft.comhttps://www.exploit-db.com/exploits/6619
secure@microsoft.comhttps://www.exploit-db.com/exploits/6716
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122235754013992&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122235754013992&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32154Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt
af854a3a-2127-422b-91ae-364da2661108http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/496153/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31022
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020838
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2520Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2696Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-08-055
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/6619
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/6716
Impacted products
Vendor Product Version
microsoft digital_image_suite 2006
microsoft forefront_client_security 1.0
microsoft office 2003
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_powerpoint_viewer 2003
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft visio 2002
microsoft works 8.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:digital_image_suite:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F42695-7FB7-4C43-A9A7-8A234B6E5937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:*:gold:*:*:*:*:*",
              "matchCriteriaId": "E438882E-1AAE-477E-B885-D4E95D2AE88A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5440EF5-462B-4BAC-AF60-44C5D649D0D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "033138E1-82C7-443C-89C1-23D8032674CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E84216-227B-4074-B65B-6AA399D4A8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka \"GDI+ BMP Integer Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de enteros en la biblioteca gdiplus.dll en GDI+ en Office XP SP3, Office 2003 SP2 y SP3, 2007, de Microsoft; Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2 , SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security versi\u00f3n 1.0, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de imagen BMP con una BitMapInfoHeader malformada que desencadena un desbordamiento de b\u00fafer, tambi\u00e9n se conoce como \"GDI+ BMP Integer Overflow Vulnerability.\""
    }
  ],
  "id": "CVE-2008-3015",
  "lastModified": "2024-11-21T00:48:14.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-11T01:11:47.147",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32154"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/31022"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1020838"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2520"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2696"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://www.exploit-db.com/exploits/6619"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://www.exploit-db.com/exploits/6716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6716"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-04-08 23:05
Modified
2024-11-21 00:43
Severity ?
Summary
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
References
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=120845064910729&w=2
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=120845064910729&w=2
secure@microsoft.comhttp://secunia.com/advisories/29691Vendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/bid/28555Patch
secure@microsoft.comhttp://www.securitytracker.com/id?1019804
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-099A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/1143/references
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/41451
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5496
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=120845064910729&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=120845064910729&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29691Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28555Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019804
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-099A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1143/references
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/41451
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5496
Impacted products
Vendor Product Version
microsoft office 2003
microsoft office 2003
microsoft office 2007
microsoft office 2007_sp1
microsoft office xp
microsoft visio 2002
microsoft visio 2003
microsoft visio 2003_sp3
microsoft visio 2007
microsoft visio 2007_sp1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4142D44F-26F2-467B-A7DE-00239C0013D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9D02D769-061D-44A5-B019-F4E653DF615A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6FBEFBED-72F3-447B-8164-9E5C16828484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003_sp3:*:*:*:*:*:*:*",
              "matchCriteriaId": "70415FAE-E313-4F76-961D-A259651CFC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27CD3D6-9893-4522-B70F-F69A6E4A9CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "344E501A-B7A4-4309-AD7A-CA7A8A05D82D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka \"Visio Object Header Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Microsoft Visio 2002 SP2, 2003 SP2 y SP3, y 2007  SP1, permite a atacantes asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo Visio que contiene  datos del objeto de cabecera manipulados, tambi\u00e9n conocida como \"Vulnerabilidad de Objeto de Cabecera de Visio\"."
    }
  ],
  "id": "CVE-2008-1089",
  "lastModified": "2024-11-21T00:43:39.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-08T23:05:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29691"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28555"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1019804"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/1143/references"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41451"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28555"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1143/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5496"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-09-13 19:15
Modified
2024-11-21 07:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Office Visio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010
Impacted products
Vendor Product Version
microsoft 365_apps -
microsoft 365_apps -
microsoft office 2019
microsoft office 2019
microsoft office_long_term_servicing_channel 2021
microsoft office_long_term_servicing_channel 2021
microsoft visio 2013
microsoft visio 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
              "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
              "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
              "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
              "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*",
              "matchCriteriaId": "75F7306B-D1DA-48C2-AF87-4480E161D794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*",
              "matchCriteriaId": "BA9BCD55-F71E-4920-B906-A1386843776A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota de Microsoft Office Visio. Este ID de CVE es diferente de CVE-2022-37963"
    }
  ],
  "id": "CVE-2022-38010",
  "lastModified": "2024-11-21T07:15:34.063",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-13T19:15:12.707",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-09-11 01:01
Modified
2024-11-21 00:37
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
References
secure@microsoft.comhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=122235754013992&w=2
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=122235754013992&w=2
secure@microsoft.comhttp://secunia.com/advisories/32154Vendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/bid/31018
secure@microsoft.comhttp://www.securitytracker.com/id?1020834
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2520Vendor Advisory
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2696Vendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122235754013992&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122235754013992&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32154Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31018
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020834
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2520Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2696Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055
Impacted products
Vendor Product Version
microsoft digital_image_suite 2006
microsoft forefront_client_security 1.0
microsoft internet_explorer 6
microsoft office 2003
microsoft office 2003
microsoft office xp
microsoft office_powerpoint_viewer 2003
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft server 2008
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft visio 2002
microsoft works 8.0
microsoft office_system *
microsoft office_system *
microsoft windows 2003_server
microsoft windows 2003_server
microsoft windows-nt vista
microsoft windows-nt xp
microsoft windows_vista -
microsoft windows_xp -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:digital_image_suite:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F42695-7FB7-4C43-A9A7-8A234B6E5937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5440EF5-462B-4BAC-AF60-44C5D649D0D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "033138E1-82C7-443C-89C1-23D8032674CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E84216-227B-4074-B65B-6AA399D4A8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:server:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE680C6-F940-4095-BDD5-05CBD8DA14DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "D08AE69C-A8E4-4291-AE45-C311BA8168D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9E27318C-A079-40D4-8994-96C6809CA1FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "CFC4CDAF-F0C4-4B7D-9692-5E73C489F5A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:2003_server:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "6265A492-BDB8-4A41-A5D1-9947C8EF002E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:vista:*:gold:*:*:*:*:*",
              "matchCriteriaId": "85442DDD-DFB0-455D-8078-EFE49ABC60B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en GDI+ en Microsoft Internet Explorer versi\u00f3n 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works versi\u00f3n 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security versi\u00f3n 1.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de imagen con tama\u00f1o degradado creados en la entrada de relleno de degradado, que activa un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria relacionado con las bibliotecas GdiPlus.dll y VGX.DLL, tambi\u00e9n se conoce como \"GDI+ VML Buffer Overrun Vulnerability.\""
    }
  ],
  "id": "CVE-2007-5348",
  "lastModified": "2024-11-21T00:37:42.250",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-11T01:01:19.430",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32154"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/31018"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1020834"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2520"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2696"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:52
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Office Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft excel 2016
microsoft office 2016
microsoft office 2019
microsoft office 2021
microsoft powerpoint 2016
microsoft publisher 2016
microsoft skype_for_business 2016
microsoft visio 2016
microsoft word 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2016:*:-:*:-:*:-:*",
              "matchCriteriaId": "DC9D0A78-9F16-41E0-910E-E93269DB9B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:click-to-run:*:*:*",
              "matchCriteriaId": "2C3B58F9-4BF5-4692-BBCB-1963A0A16CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*",
              "matchCriteriaId": "25D63F31-2978-4C24-B7CA-6A0398012700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3AA120-CE06-40A3-ADC4-C42077509287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "D499807D-91F3-447D-B9F0-D612898C9339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft Office"
    }
  ],
  "id": "CVE-2024-20673",
  "lastModified": "2024-11-21T08:52:53.537",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-13T18:15:47.557",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-693"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen PNG manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de b\u00fafer basado en pila GDI+ PNG\"."
    }
  ],
  "id": "CVE-2009-2501",
  "lastModified": "2024-11-21T01:05:01.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.360",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-02-10 16:00
Modified
2024-11-21 01:23
Severity ?
Summary
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://osvdb.org/70828
secure@microsoft.comhttp://secunia.com/advisories/43254Vendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/archive/1/516274/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/46137
secure@microsoft.comhttp://www.securitytracker.com/id?1025043
secure@microsoft.comhttp://www.vupen.com/english/advisories/2011/0321Vendor Advisory
secure@microsoft.comhttp://www.zerodayinitiative.com/advisories/ZDI-11-063/
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/64923
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/70828
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43254Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/516274/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/46137
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025043
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0321Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-11-063/
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/64923
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403
Impacted products
Vendor Product Version
microsoft visio 2002
microsoft visio 2003
microsoft visio 2007


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E822A55C-0440-4622-9284-A5DF70D49C63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka \"Visio Object Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La funcionalidad de descompresi\u00f3n de transmisi\u00f3n LZW en la biblioteca ORMELEMS.DLL en Visio 2002 SP2, 2003 SP3 y 2007 SP2 de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de Visio con una transmisi\u00f3n VisioDocument malformada que activa a un manejador de excepciones que tiene acceso a un objeto que no ha sido inicializado completamente, lo que desencadena una corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \"Visio Object Memory Corruption Vulnerability\"."
    }
  ],
  "id": "CVE-2011-0092",
  "lastModified": "2024-11-21T01:23:18.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-10T16:00:31.833",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/70828"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43254"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/516274/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/46137"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025043"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0321"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-063/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64923"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516274/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-063/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12403"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-12-13 19:15
Modified
2024-11-21 07:28
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Office Visio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695
Impacted products
Vendor Product Version
microsoft 365_apps -
microsoft 365_apps -
microsoft office 2019
microsoft office 2019
microsoft office 2021
microsoft office 2021
microsoft visio 2013
microsoft visio 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
              "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
              "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
              "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
              "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*",
              "matchCriteriaId": "1AC0C23F-FC55-4DA1-8527-EB4432038FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*",
              "matchCriteriaId": "A719B461-7869-46D0-9300-D0A348DC26A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft Office Visio"
    }
  ],
  "id": "CVE-2022-44695",
  "lastModified": "2024-11-21T07:28:20.130",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-13T19:15:14.213",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-08-27 19:00
Modified
2024-11-21 01:18
Severity ?
Summary
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
References
cve@mitre.orghttp://www.exploit-db.com/exploits/14744/Exploit
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA11-193A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/2192
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/14744/Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA11-193A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2192
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122
Impacted products
Vendor Product Version
microsoft visio 2003


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka \"Microsoft Visio Insecure Library Loading Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Microsoft Visio 2003 permite a usuarios locales, y puede que atacantes remotos, ejecutar c\u00f3digo de su elecci\u00f3n y producir un ataque de secuestro de DLL, a trav\u00e9s de un troyano mfc71enu.dll que est\u00e1 ubicado en la misma carpeta que un fichero .vtx."
    }
  ],
  "id": "CVE-2010-3148",
  "lastModified": "2024-11-21T01:18:08.553",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-27T19:00:18.677",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14744/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/2192"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14744/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-01-10 22:15
Modified
2024-11-21 07:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Office Visio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21736
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21736
Impacted products
Vendor Product Version
microsoft 365_apps -
microsoft office 2019
microsoft office_long_term_servicing_channel 2021
microsoft visio 2013
microsoft visio 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
    }
  ],
  "id": "CVE-2023-21736",
  "lastModified": "2024-11-21T07:43:32.343",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-10T22:15:17.537",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21736"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-681"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2024-11-21 00:19
Severity ?
Summary
Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
References
secure@microsoft.comhttp://secunia.com/advisories/23671Third Party Advisory
secure@microsoft.comhttp://securitytracker.com/id?1017486Third Party Advisory
secure@microsoft.comhttp://www.osvdb.org/31251Broken Link
secure@microsoft.comhttp://www.securityfocus.com/archive/1/457274/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/457274/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/21942Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.vupen.com/english/advisories/2007/0102Third Party Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-001
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23671Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017486Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/31251Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/457274/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/457274/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21942Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0102Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-001
Impacted products
Vendor Product Version
microsoft office 2003
microsoft office_multilingual_user_interface_pack 2003
microsoft office_proofing_tools 2003
microsoft project_multilingual_user_interface_pack 2003
microsoft visio 2003


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:pt:*:*:*:*",
              "matchCriteriaId": "5048BD63-1415-4388-AD57-1E49B4156B1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_multilingual_user_interface_pack:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "C03D52AB-538B-4C40-9F2D-A908B1B5B315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_proofing_tools:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "759A51CC-40C4-40C1-B548-CBFBF9C8C3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project_multilingual_user_interface_pack:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "84942FA4-57BA-4AD5-B711-DED4BCAA6388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp2:multilingual_user_interface_pack:*:*:*:*:*",
              "matchCriteriaId": "35B9D3B1-2E37-4888-A98E-A5DB752AE2BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Brazilian Portuguese Grammar Checker en Microsoft Office 2003 y el Multilingual Interface para Office 2003, Project 2003, y Visio 2003 permite a un atacante remoto con la intervenci\u00f3n de un usuario ejecutar c\u00f3digo de su elecci\u00f3n analizando sintacticamente texto manipulado."
    }
  ],
  "evaluatorSolution": "If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.",
  "id": "CVE-2006-5574",
  "lastModified": "2024-11-21T00:19:47.037",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-12-31T05:00:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/23671"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securitytracker.com/id?1017486"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/31251"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/21942"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0102"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/23671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securitytracker.com/id?1017486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/31251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/21942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-001"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-04-14 16:00
Modified
2024-11-21 01:11
Severity ?
Summary
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA10-103A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732
Impacted products
Vendor Product Version
microsoft visio 2002
microsoft visio 2003
microsoft visio 2007
microsoft visio 2007


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6C98FD6E-B9EA-4231-8127-31A8D2D25040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E822A55C-0440-4622-9284-A5DF70D49C63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Visio Index Calculation Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 y SP2 no calcula adecuadamente \u00edndices no especificado asociados con ficheros Visio, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero manipulado, conocido como \"Visio Index Calculation Memory Corruption Vulnerability.\""
    }
  ],
  "evaluatorImpact": "Per: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx\r\n\r\n\u0027Users of Microsoft Office Visio 2002 and later versions of Visio will be prompted with Open, Save, or Cancel before opening a document. This is a mitigating factor because the vulnerability requires more than a single user action to complete the exploit.\u0027",
  "id": "CVE-2010-0256",
  "lastModified": "2024-11-21T01:11:51.280",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-04-14T16:00:01.570",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6732"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-10-20 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=106262077829157&w=2
cve@mitre.orghttp://secunia.com/advisories/9666
cve@mitre.orghttp://www.kb.cert.org/vuls/id/804780US Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/8534Exploit, Patch, Vendor Advisory
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=106262077829157&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/9666
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/804780US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/8534Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037
Impacted products
Vendor Product Version
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office xp
microsoft office xp
microsoft office xp
microsoft project 2000
microsoft project 2002
microsoft visio 2002
microsoft visual_basic 5.0
microsoft visual_basic 6.2
microsoft visual_basic 6.2
microsoft visual_basic 6.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9A82D13-513C-46FA-AF51-0582233E230A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "67388076-420D-4327-A436-329177EA6F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5AB85A3C-EFA3-485D-84C5-7976718AEAE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9D02D769-061D-44A5-B019-F4E653DF615A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F09162C-01F0-4056-94D3-995713F92AE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE2D3E0-49E4-410E-B63A-753BDE8995BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:*:professional:*:*:*:*:*",
              "matchCriteriaId": "463C1D59-15E8-4727-A6F0-A37DB8A26FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_basic:5.0:*:sdk:*:*:*:*:*",
              "matchCriteriaId": "85AD2DEE-8379-4690-9B62-37CE3318638C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_basic:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCB1E40-3D5C-484C-AA62-94190ED2361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_basic:6.2:*:sdk:*:*:*:*:*",
              "matchCriteriaId": "BAB746EB-4682-4667-8600-BB2EC53EB3F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_basic:6.3:*:sdk:*:*:*:*:*",
              "matchCriteriaId": "29FB6C91-0F7F-46BE-B1ED-58B9A1471C23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter."
    }
  ],
  "id": "CVE-2003-0347",
  "lastModified": "2024-11-20T23:44:31.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106262077829157\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/9666"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/804780"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8534"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106262077829157\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/9666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/804780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-04-14 16:00
Modified
2024-11-21 01:11
Severity ?
Summary
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA10-103A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819
Impacted products
Vendor Product Version
microsoft visio 2002
microsoft visio 2003
microsoft visio 2007
microsoft visio 2007


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6C98FD6E-B9EA-4231-8127-31A8D2D25040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E822A55C-0440-4622-9284-A5DF70D49C63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Visio Attribute Validation Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 y SP2 bi vakuda adecuadamente los atributos en los ficheros Visio, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero manipulado, conocido como \"Visio Attribute Validation Memory Corruption Vulnerability.\""
    }
  ],
  "evaluatorImpact": "Per: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx\r\n\r\n\u0027Users of Microsoft Office Visio 2002 and later versions of Visio will be prompted with Open, Save, or Cancel before opening a document. This is a mitigating factor because the vulnerability requires more than a single user action to complete the exploit.\u0027",
  "id": "CVE-2010-0254",
  "lastModified": "2024-11-21T01:11:51.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-04-14T16:00:01.540",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6819"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-14 01:59
Modified
2024-11-21 02:27
Severity ?
Summary
Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.securitytracker.com/id/1033803Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.zerodayinitiative.com/advisories/ZDI-15-519Third Party Advisory, VDB Entry
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033803Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-15-519Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110
Impacted products
Vendor Product Version
microsoft visio 2007
microsoft visio 2010


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "387D78BD-2368-4525-BFC2-52149585E1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "ED0408B6-4FB5-45E9-AD27-301FC383152D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en Microsoft Visio 2007 SP3 y 2010 SP2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos UML manipulados en un documento Office, tambi\u00e9n conocido como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
    }
  ],
  "id": "CVE-2015-2557",
  "lastModified": "2024-11-21T02:27:36.140",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-10-14T01:59:12.123",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033803"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-519"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen TIFF manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de b\u00fafer GDI+ TIFF\"."
    }
  ],
  "id": "CVE-2009-2502",
  "lastModified": "2024-11-21T01:05:01.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2009-10-14T10:30:01.390",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 no localiza adecuadamente un b\u00fafer sin especificar, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen TIFF que inicia una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria GDI+ TIFF\""
    }
  ],
  "id": "CVE-2009-2503",
  "lastModified": "2024-11-21T01:05:02.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.407",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-09-11 01:11
Modified
2024-11-21 00:48
Severity ?
Summary
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
References
secure@microsoft.comhttp://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=122235754013992&w=2
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=122235754013992&w=2
secure@microsoft.comhttp://secunia.com/advisories/32154Vendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/archive/1/496154/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/31020
secure@microsoft.comhttp://www.securitytracker.com/id?1020836
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2520Vendor Advisory
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2696Vendor Advisory
secure@microsoft.comhttp://www.zerodayinitiative.com/advisories/ZDI-08-056
secure@microsoft.comhttp://www.zerodayinitiative.com/advisories/ZDI-08-056/
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986
af854a3a-2127-422b-91ae-364da2661108http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122235754013992&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122235754013992&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32154Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/496154/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31020
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020836
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2520Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2696Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-08-056
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-08-056/
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986
Impacted products
Vendor Product Version
microsoft digital_image_suite 2006
microsoft forefront_client_security 1.0
microsoft internet_explorer 6
microsoft office 2003
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft powerpoint_viewer 2003
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft visio 2002
microsoft works 8.0
microsoft windows_server_2008 -
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:digital_image_suite:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F42695-7FB7-4C43-A9A7-8A234B6E5937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:*:gold:*:*:*:*:*",
              "matchCriteriaId": "E438882E-1AAE-477E-B885-D4E95D2AE88A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "11499249-45FC-4E05-9362-058D1ADA8078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "033138E1-82C7-443C-89C1-23D8032674CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E84216-227B-4074-B65B-6AA399D4A8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "D34A558F-A656-43EB-AC52-C3710F77CDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka \"GDI+ GIF Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La biblioteca gdiplus.dll en GDI en Microsoft Internet Explorer versi\u00f3n 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works versi\u00f3n 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security versi\u00f3n 1.0, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de imagen GIF malformado que contiene muchos marcadores de extensi\u00f3n para extensiones de control gr\u00e1fico y etiquetas desconocidas posteriores, tambi\u00e9n se conoce como \"GDI+ GIF Parsing Vulnerability.\""
    }
  ],
  "id": "CVE-2008-3013",
  "lastModified": "2024-11-21T00:48:13.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-11T01:11:47.103",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32154"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/31020"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1020836"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2520"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2696"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-02-10 22:30
Modified
2024-11-21 00:59
Severity ?
Summary
Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-041A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2009/0391
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-041A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0391
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188
Impacted products
Vendor Product Version
microsoft visio 2002
microsoft visio 2003
microsoft visio 2007


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6C98FD6E-B9EA-4231-8127-31A8D2D25040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Visio v2002 SP2 and v2003 SP3 no valida de forma adecuada el posicionamiento en memoria de los ficheros Visio, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero manipulado, tambi\u00e9n conocido como  \"Memory Corruption Vulerability\"\r\n"
    }
  ],
  "id": "CVE-2009-0097",
  "lastModified": "2024-11-21T00:59:02.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-10T22:30:00.327",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/0391"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:06
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una fichero de imagen PNG manipulada, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de entero GDI+ PNG\""
    }
  ],
  "id": "CVE-2009-3126",
  "lastModified": "2024-11-21T01:06:36.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.843",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-17 16:08
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Office Visio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43463Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft 365_apps -
microsoft 365_apps -
microsoft office 2019
microsoft office 2019
microsoft office_long_term_servicing_channel 2021
microsoft office_long_term_servicing_channel 2021
microsoft visio 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
              "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
              "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
              "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
              "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*",
              "matchCriteriaId": "75F7306B-D1DA-48C2-AF87-4480E161D794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*",
              "matchCriteriaId": "BA9BCD55-F71E-4920-B906-A1386843776A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Office Visio"
    }
  ],
  "id": "CVE-2024-43463",
  "lastModified": "2024-09-17T16:08:58.350",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-10T17:15:33.627",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43463"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-09-19 17:15
Modified
2024-09-24 11:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Office Visio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38016Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft 365_apps -
microsoft office 2019
microsoft office_long_term_servicing_channel 2021
microsoft visio 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Office Visio"
    }
  ],
  "id": "CVE-2024-38016",
  "lastModified": "2024-09-24T11:11:06.247",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-19T17:15:12.947",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38016"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-08-19 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
References
secure@microsoft.comhttp://isc.sans.org/diary.php?date=2005-08-18Third Party Advisory
secure@microsoft.comhttp://secunia.com/advisories/16480Patch, Vendor Advisory
secure@microsoft.comhttp://secunia.com/advisories/17172Permissions Required, Third Party Advisory
secure@microsoft.comhttp://secunia.com/advisories/17223Permissions Required, Third Party Advisory
secure@microsoft.comhttp://secunia.com/advisories/17509Permissions Required, Third Party Advisory
secure@microsoft.comhttp://securityreason.com/securityalert/72Third Party Advisory
secure@microsoft.comhttp://securitytracker.com/id?1014727Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
secure@microsoft.comhttp://support.avaya.com/elmodocs2/security/ASA-2005-214.pdfThird Party Advisory
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/740372Third Party Advisory, US Government Resource
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/898241Third Party Advisory, US Government Resource
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/959049Third Party Advisory, US Government Resource
secure@microsoft.comhttp://www.microsoft.com/technet/security/advisory/906267.mspxMitigation, Patch, Vendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/archive/1/470690/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/14594Exploit, Patch, Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.securityfocus.com/bid/15061Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA05-284A.htmlThird Party Advisory, US Government Resource
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA05-347A.htmlThird Party Advisory, US Government Resource
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA06-220A.htmlThird Party Advisory, US Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2005/1450Broken Link
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/21895VDB Entry
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/34754VDB Entry
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538
af854a3a-2127-422b-91ae-364da2661108http://isc.sans.org/diary.php?date=2005-08-18Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/16480Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17172Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17223Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17509Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/72Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1014727Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/740372Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/898241Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/959049Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.microsoft.com/technet/security/advisory/906267.mspxMitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/470690/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/14594Exploit, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15061Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA05-284A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA05-347A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA06-220A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/1450Broken Link
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/21895VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/34754VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538
Impacted products
Vendor Product Version
ati catalyst_driver *
microsoft .net_framework 1.1
microsoft .net_framework 1.1
microsoft .net_framework 1.1
microsoft .net_framework 1.1
microsoft office *
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office xp
microsoft office xp
microsoft office xp
microsoft project 98
microsoft project 2000
microsoft project 2002
microsoft project 2002
microsoft project 2003
microsoft project 2003
microsoft visio 2000
microsoft visio 2002
microsoft visio 2002
microsoft visio 2002
microsoft visio 2002
microsoft visio 2002
microsoft visio 2002
microsoft visio 2003
microsoft visio 2003
microsoft visio 2003
microsoft visio 2003
microsoft visual_studio_.net 2002
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2003
microsoft visual_studio_.net gold
microsoft visual_studio_.net gold
microsoft visual_studio_.net gold
microsoft visual_studio_.net gold
microsoft visual_studio_.net gold


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ati:catalyst_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E822DD-6123-4CD8-9FE4-BC8A91D94F80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A927C9E-5CCC-4FC1-AE63-24B96A5FC51A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A2804E22-FFF4-4301-8958-16B32CE5ECD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B33B1B47-EEA0-4B1F-AC03-CAB56AB42DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AD45BF-8A91-4C87-AF15-D38D8468A4C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9A82D13-513C-46FA-AF51-0582233E230A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:ja:*:*:*:*",
              "matchCriteriaId": "757EC6C1-F5E2-45CD-9F7F-7760ECEDC842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:ko:*:*:*:*",
              "matchCriteriaId": "59B1B68C-86F1-4FA4-9F82-3E8761ED1E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:*",
              "matchCriteriaId": "716DDA05-D094-4837-852C-0511CDDD5ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3C54DDAF-8D7F-4A7D-9186-6048D4C850B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "67388076-420D-4327-A436-329177EA6F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5AB85A3C-EFA3-485D-84C5-7976718AEAE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9D02D769-061D-44A5-B019-F4E653DF615A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:98:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BFDC2A-4AE1-4FC8-ABA7-0400D46EA587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F09162C-01F0-4056-94D3-995713F92AE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE2D3E0-49E4-410E-B63A-753BDE8995BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "AC1DA2B8-C41B-4EB9-A58F-E4E63F695A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2000:sr1:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B4EC96E0-8D7C-4C72-8F04-97B0B675306E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E24DF34-F4A8-4C28-9593-F019FE3E3BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:*:*:*:professional:*:*:*",
              "matchCriteriaId": "FF41DACB-D707-4ED3-BA2E-2EEABC17FC4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "70D447B9-4604-447C-88FC-F5DC8F77603C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:professional:*:*:*",
              "matchCriteriaId": "F6E69C81-2894-4319-9FBD-60AE719942E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:standard:*:*:*",
              "matchCriteriaId": "8BC60369-95D2-475B-9FDA-5D1C13FEE8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:professional:*:*:*",
              "matchCriteriaId": "9BF7D109-38E6-4FEE-8F9B-9A481D50DCFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:standard:*:*:*",
              "matchCriteriaId": "3D931561-2312-4770-B418-FB622856DF34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6FBEFBED-72F3-447B-8164-9E5C16828484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2002:gold:*:*:*:*:*:*",
              "matchCriteriaId": "E17BD019-DD35-413E-ACBA-2E77C8A1247D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:*:*:*:enterprise_architect:*:*:*",
              "matchCriteriaId": "A681100F-9DE5-4BE6-ADE9-64A3808C7CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*",
              "matchCriteriaId": "B9E6C132-4F4B-4FB0-9DDC-DD9750D8552D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:gold:*:*:*:academic:*:*:*",
              "matchCriteriaId": "AEC99110-8EC1-4FEC-9535-B27AF1965DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:gold:*:*:*:enterprise_architect:*:*:*",
              "matchCriteriaId": "B35FE238-4380-41C7-A956-EA3F2D5F9159",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:gold:*:*:*:enterprise_developer:*:*:*",
              "matchCriteriaId": "A8E772B4-8E7D-4D35-8C59-5959123AA572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:gold:*:*:*:professional:*:*:*",
              "matchCriteriaId": "4AFEC24E-5FA5-4653-BBAA-AFEBCC3F149B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:gold:*:*:*:trial:*:*:*",
              "matchCriteriaId": "D451D000-00DC-46A9-9D1E-2C715D6D1787",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the \"COM Object Instantiation Memory Corruption vulnerability.\""
    }
  ],
  "id": "CVE-2005-2127",
  "lastModified": "2024-11-20T23:58:51.623",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-08-19T04:00:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://isc.sans.org/diary.php?date=2005-08-18"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16480"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17172"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17223"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17509"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/72"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1014727"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/740372"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/898241"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/959049"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/906267.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/470690/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/14594"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/15061"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-284A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/1450"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21895"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34754"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://isc.sans.org/diary.php?date=2005-08-18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/72"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1014727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/740372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/898241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/959049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/906267.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/470690/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/14594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/15061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-284A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/1450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-06-12 19:30
Modified
2024-11-21 00:27
Severity ?
Summary
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
References
secure@microsoft.comhttp://osvdb.org/35343
secure@microsoft.comhttp://secunia.com/advisories/25619
secure@microsoft.comhttp://www.securityfocus.com/archive/1/471947/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/471947/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/24384
secure@microsoft.comhttp://www.securitytracker.com/id?1018227
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA07-163A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2007/2150
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1369
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/35343
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25619
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24384
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018227
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-163A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2150
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1369
Impacted products
Vendor Product Version
microsoft office 2003
microsoft visio 2002


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7EA4CC-E705-42DB-86B6-E229DA36B66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka \"Visio Document Packaging Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en Microsoft Visio 2002 permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo Visio (.VSD, .VSS, .VST) con un objeto empaquetado manipulado que dispara una corrupci\u00f3n de memoria, tambi\u00e9n conocida como \"Vulnerabilidad de Empaquetado de Documento Visio\" (Visio Document Packaging Vulnerability)"
    }
  ],
  "id": "CVE-2007-0936",
  "lastModified": "2024-11-21T00:27:06.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-12T19:30:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/35343"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/25619"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/24384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018227"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/2150"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1369"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de enteros en las API no especificadas en GDI+ en .NET Framework versi\u00f3n 1.1 SP1, .NET Framework versi\u00f3n 2.0 SP1 y SP2, Windows XP SP2 y SP3, Windows Server 2003 SP2, Vista versi\u00f3n Gold y SP1, Server 2008 versi\u00f3n Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 versi\u00f3n Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 versi\u00f3n Gold, SP1 y SP2, Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web 2, Groove 2007 versi\u00f3n Gold y SP1, Works versi\u00f3n 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 versi\u00f3n Gold y SP1 y Forefront Client Security versi\u00f3n 1.0, de Microsoft, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de (1) una aplicaci\u00f3n de navegador XAML dise\u00f1ada (XBAP), (2) una aplicaci\u00f3n de ASP.NET dise\u00f1ada o (3) una aplicaci\u00f3n de .NET Framework dise\u00f1ada, tambi\u00e9n se conoce como \"GDI+ .NET API Vulnerability\"."
    }
  ],
  "id": "CVE-2009-2504",
  "lastModified": "2024-11-21T01:05:02.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.437",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-13 05:59
Modified
2024-11-21 02:40
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass."
References
secure@microsoft.comhttp://www.securitytracker.com/id/1034651
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034651
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004
Impacted products
Vendor Product Version
microsoft excel 2007
microsoft excel 2010
microsoft excel 2010
microsoft excel 2013
microsoft excel 2013
microsoft excel 2016
microsoft office 2007
microsoft office 2010
microsoft office 2010
microsoft office 2013
microsoft office 2016
microsoft powerpoint 2010
microsoft powerpoint 2013
microsoft powerpoint 2013
microsoft powerpoint 2016
microsoft visio 2007
microsoft visio 2010
microsoft visio 2013
microsoft visio 2016
microsoft visual_basics 6.0
microsoft word 2007
microsoft word 2010
microsoft word 2013
microsoft word 2013
microsoft word 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
              "matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
              "matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "36A1FA52-BFBD-4C88-9CBE-B68E55C75726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "387D78BD-2368-4525-BFC2-52149585E1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "ED0408B6-4FB5-45E9-AD27-301FC383152D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_basics:6.0:*:*:*:rt:*:*:*",
              "matchCriteriaId": "94937F2F-0730-4BAA-9479-CA1A7E1FDE89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"Microsoft Office ASLR Bypass.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016 y Visual Basic 6.0 Runtime permiten a atacantes remotos eludir el mecanismo de protecci\u00f3n ASLR a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como \"Microsoft Office ASLR Bypass\"."
    }
  ],
  "id": "CVE-2016-0012",
  "lastModified": "2024-11-21T02:40:55.847",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-13T05:59:10.607",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1034651"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-08-15 00:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability."
References
secure@microsoft.comhttp://www.securitytracker.com/id/1033237Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.securitytracker.com/id/1033239Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.securitytracker.com/id/1033248Third Party Advisory, VDB Entry
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079Patch, Vendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081Patch, Vendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033237Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033239Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033248Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft excel 2007
microsoft excel 2010
microsoft excel 2013
microsoft excel 2013
microsoft office 2010
microsoft powerpoint 2007
microsoft powerpoint 2010
microsoft powerpoint 2013
microsoft powerpoint 2013
microsoft visio 2007
microsoft visio 2010
microsoft visio 2013
microsoft visio 2013
microsoft visio 2016
microsoft word 2007
microsoft word 2010
microsoft word 2013
microsoft word 2013
microsoft word 2016
microsoft internet_explorer 7
microsoft internet_explorer 8
microsoft internet_explorer 9
microsoft internet_explorer 10
microsoft internet_explorer 11
microsoft windows_10 -
microsoft windows_7 -
microsoft windows_8 -
microsoft windows_8.1 -
microsoft windows_rt -
microsoft windows_rt_8.1 -
microsoft windows_server_2008 -
microsoft windows_server_2008 r2
microsoft windows_server_2008 r2
microsoft windows_server_2012 -
microsoft windows_server_2012 r2
microsoft windows_vista -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2E98C5-71A4-4014-AFC4-5438FEC196D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "36A1FA52-BFBD-4C88-9CBE-B68E55C75726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "387D78BD-2368-4525-BFC2-52149585E1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "ED0408B6-4FB5-45E9-AD27-301FC383152D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "68BAD9E9-2ED1-4B18-9A11-3753C798F29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABC7A32C-4A4A-4533-B42E-350E728ADFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
              "matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Unsafe Command Line Parameter Passing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1 e Internet Explorer 7 hasta la versi\u00f3n 11, permite a atacantes remotos obtener privilegios e informaci\u00f3n sensible a trav\u00e9s de un par\u00e1metro de l\u00ednea de comandos manipulado para una aplicaci\u00f3n de Office o Notepad, seg\u00fan lo demostrado en una transici\u00f3n desde Low Integrity hasta Medium Integrity, tambi\u00e9n conocida como \u0027Unsafe Command Line Parameter Passing Vulnerability.\u0027"
    }
  ],
  "id": "CVE-2015-2423",
  "lastModified": "2024-11-21T02:27:22.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-15T00:59:03.670",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033237"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033239"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033248"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033248"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-08-10 21:55
Modified
2024-11-21 01:27
Severity ?
Summary
Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA11-221A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA11-221A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852
Impacted products
Vendor Product Version
microsoft visio 2003
microsoft visio 2007
microsoft visio 2010
microsoft visio 2010
microsoft visio 2010
microsoft visio 2010


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E822A55C-0440-4622-9284-A5DF70D49C63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:*:x32:*:*:*:*:*",
              "matchCriteriaId": "6FD08D8C-C7B8-41CB-8F21-F894704330B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:*:x64:*:*:*:*:*",
              "matchCriteriaId": "C029E0B6-9E53-409A-BAFF-5A2F17AB14AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp1:x32:*:*:*:*:*",
              "matchCriteriaId": "BB6C963E-46DA-422C-9DE7-B0536F001C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "1AA1633F-11EA-42E1-A4C7-7334E8EF8486",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka \"pStream Release RCE Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Visio 2003 SP3, 2007 SP2 y 2010 Gold y SP1 no valida adecuadamente los objetos en memoria durante el an\u00e1lisis sint\u00e1ctico del fichero Visio, esto permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero manipulado. Tambi\u00e9n se conoce como \"Vulnerabildiad en pStream Release RCE\"."
    }
  ],
  "id": "CVE-2011-1972",
  "lastModified": "2024-11-21T01:27:24.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-08-10T21:55:01.860",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12852"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-08-15 01:55
Modified
2024-11-21 01:37
Severity ?
Summary
Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA12-227A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-059
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15811
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA12-227A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-059
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15811
Impacted products
Vendor Product Version
microsoft visio 2010
microsoft visio 2010
microsoft visio_viewer 2010
microsoft visio_viewer 2010


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "1AA1633F-11EA-42E1-A4C7-7334E8EF8486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "B95A03BE-61BA-44A8-81EC-B4C2B70B2395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio_viewer:2010:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "2B947195-5EA8-4647-9C9A-C82ED74011FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio_viewer:2010:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "E0E27371-C6CD-4F51-B735-12F45D0108C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka \"Visio DXF File Format Buffer Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Microsoft Visio 2010 Service Pack 1 y Visio Viewer 2010 Service Pack 1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de Visio especialmente dise\u00f1ado, tambi\u00e9n conocido como \"desbordamiento de b\u00fafer Visio DXF File Format\"."
    }
  ],
  "id": "CVE-2012-1888",
  "lastModified": "2024-11-21T01:37:58.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-15T01:55:01.537",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-059"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15811"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-10-10 22:07
Modified
2024-11-21 00:14
Severity ?
Summary
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
References
secure@microsoft.comhttp://securitytracker.com/id?1017030
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/205948US Government Resource
secure@microsoft.comhttp://www.osvdb.org/29448
secure@microsoft.comhttp://www.securityfocus.com/archive/1/449179/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/449179/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/20325
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA07-044A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2006/3977Vendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017030
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/205948US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/29448
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/449179/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/449179/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20325
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3977Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568
Impacted products
Vendor Product Version
microsoft access 2000
microsoft access 2002
microsoft access 2003
microsoft excel 2000
microsoft excel 2002
microsoft excel 2003
microsoft excel_viewer 2003
microsoft frontpage 2000
microsoft frontpage 2002
microsoft frontpage 2003
microsoft infopath 2003
microsoft office 2000
microsoft office 2003
microsoft office 2004
microsoft office xp
microsoft onenote 2003
microsoft outlook 2000
microsoft outlook 2002
microsoft outlook 2003
microsoft powerpoint 2000
microsoft powerpoint 2002
microsoft powerpoint 2003
microsoft powerpoint 2004
microsoft project 2000
microsoft project 2002
microsoft project 2003
microsoft publisher 2000
microsoft publisher 2002
microsoft publisher 2003
microsoft visio 2002
microsoft visio 2003
microsoft word 2000
microsoft word 2002
microsoft word 2003
microsoft word_viewer 2003


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D7BA07-3BCA-41CF-B5D3-341E912650A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DFFFF4-EA09-48C5-A600-A62C1A1A7360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC4AE5AF-C83E-4802-B75C-0058742A4997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "F55D42D5-7371-47C2-BF55-B7F51C19B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C6629C-BF53-49A1-B32C-A828CA0A0500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E392539-ABF6-4B5C-AEC3-C54B51E0DB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "794FCFBF-2D55-4ECE-825E-180616DB35FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "6F0EF69E-52BA-4D7C-B470-CB4A92DA7EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "95648599-D3B3-4043-821C-D385FB7A77CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEBFF713-0884-43BF-9AB8-777664FD64AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un \"fichero artesanal\" no especificado, una vulnerabilidad diferente que CVE-2006-3435, CVE-2006-4694, y CVE-2006-3876."
    }
  ],
  "id": "CVE-2006-3877",
  "lastModified": "2024-11-21T00:14:37.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-10-10T22:07:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1017030"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/205948"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.osvdb.org/29448"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/20325"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3977"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/205948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-03-13 00:55
Modified
2024-11-21 01:46
Severity ?
Summary
Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
References
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/851777US Government Resource
secure@microsoft.comhttp://www.us-cert.gov/ncas/alerts/TA13-071AUS Government Resource
secure@microsoft.comhttp://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1024
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-023
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16300
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/851777US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/ncas/alerts/TA13-071AUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1024
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-023
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16300
Impacted products
Vendor Product Version
microsoft office_filter_pack 2010
microsoft office_filter_pack 2010
microsoft visio 2010
microsoft visio 2010
microsoft visio_viewer 2010
microsoft visio_viewer 2010


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_filter_pack:2010:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "4426A101-1DB2-4E52-93A2-0E544B9A8609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_filter_pack:2010:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "29364910-E9DB-423E-812F-C3CDA9D1F186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "1AA1633F-11EA-42E1-A4C7-7334E8EF8486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "B95A03BE-61BA-44A8-81EC-B4C2B70B2395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio_viewer:2010:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "2B947195-5EA8-4647-9C9A-C82ED74011FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio_viewer:2010:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "E0E27371-C6CD-4F51-B735-12F45D0108C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka \"Visio Viewer Tree Object Type Confusion Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Visio Viewer 2010 SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo Visio especialmente manipulado, lo que provoca una reserva de memoria incorrecta. Aka Microsoft Visio Viewer 2010"
    }
  ],
  "id": "CVE-2013-0079",
  "lastModified": "2024-11-21T01:46:50.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-03-13T00:55:01.167",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/851777"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1024"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-023"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/851777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16300"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-11-11 11:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."
References
secure@microsoft.comhttp://www.securitytracker.com/id/1034117Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.securitytracker.com/id/1034119Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.securitytracker.com/id/1034122Third Party Advisory, VDB Entry
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034117Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034119Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034122Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116
Impacted products
Vendor Product Version
microsoft access 2007
microsoft access 2010
microsoft access 2013
microsoft access 2016
microsoft excel 2007
microsoft excel 2010
microsoft excel 2010
microsoft excel 2013
microsoft excel 2013
microsoft excel 2016
microsoft infopath 2007
microsoft infopath 2010
microsoft infopath 2013
microsoft lync 2013
microsoft office_2007_ime sp3
microsoft onenote 2007
microsoft onenote 2010
microsoft onenote 2013
microsoft onenote 2013
microsoft onenote 2016
microsoft pinyin_ime 2010
microsoft powerpoint 2007
microsoft powerpoint 2010
microsoft powerpoint 2013
microsoft powerpoint 2013
microsoft powerpoint 2016
microsoft project 2007
microsoft project 2016
microsoft project_server 2010
microsoft project_server 2013
microsoft publisher 2007
microsoft publisher 2010
microsoft publisher 2013
microsoft publisher 2016
microsoft skype_for_business 2016
microsoft visio 2007
microsoft visio 2010
microsoft visio 2013
microsoft visio 2016
microsoft word 2007
microsoft word 2010
microsoft word 2013
microsoft word 2013
microsoft word 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:access:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AAB5D3AF-369A-48A0-BFA1-9F0D1ACE1F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "7122C5BF-C7C8-4B20-AACF-03F0ED83A7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3E995599-F698-4E73-9401-4CA47FADFCBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E42DC73-F1D0-47CD-BED8-DB2C6E044E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
              "matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:infopath:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4C919D14-520A-4C10-850F-14AA80BF4B4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:infopath:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "DA2DE6A4-A857-4BE3-B7EA-3C3A6B05DFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:infopath:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C1273DC0-2188-4D5C-963D-761683B93A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "8B854E18-7CB0-43F7-9EBF-E356FA176B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_2007_ime:sp3:*:*:ja:*:*:*:*",
              "matchCriteriaId": "ABB6C9AE-3F75-4F94-A295-A5A31A2BE0F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "83434795-4772-48E2-B604-9AAC6ECDE0B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:onenote:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "18AE1481-1E92-42F9-9E2E-C9C19353E580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "FE03F7A7-90F4-4D41-9529-B36937CD94D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "BBB1E19F-6870-429A-AB66-D7BBF3845AA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:onenote:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F1EA3D-FD2D-4CB2-A93A-DFAD3187AFC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:pinyin_ime:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73F56F0-4983-48F8-A34B-CBA8B023AE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2E98C5-71A4-4014-AFC4-5438FEC196D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "36A1FA52-BFBD-4C88-9CBE-B68E55C75726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "904623F9-BEC4-4D9C-AC7E-AFBFFDF928CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AA3A3C2-DB00-4095-B445-5A5041EB3194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0B02D845-F95D-44D7-AB4C-2E464C3AB783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "597153BC-B8A7-45E5-AE3F-D897FAE4C7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "8AB29E20-496D-4CDA-918B-40E4ABB3ECBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "78E9611F-1DE1-4FB2-9C70-16602FFC73C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EB39B6EE-BC01-4D21-A3D8-CDDA268C55FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3AA120-CE06-40A3-ADC4-C42077509287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "D499807D-91F3-447D-B9F0-D612898C9339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "387D78BD-2368-4525-BFC2-52149585E1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "ED0408B6-4FB5-45E9-AD27-301FC383152D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japon\u00e9s) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016 y Lync 2013 SP1 permiten a atacantes remotos eludir un mecanismo de protecci\u00f3n sandbox y obtener privilegios a trav\u00e9s de una p\u00e1gina web manipulada a la que se accede con Internet Explorer, seg\u00fan lo demostrado por una transici\u00f3n de Low Integrity a Medium Integrity, tambi\u00e9n conocida como \u0027Microsoft Office Elevation of Privilege Vulnerability\u0027."
    }
  ],
  "id": "CVE-2015-2503",
  "lastModified": "2024-11-21T02:27:30.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-11-11T11:59:18.423",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034117"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034119"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034122"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "GDI+ en Microsoft Office XP SP3 no maneja adecuadamente los objetos mal formados en Office Art Property Tables, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento de Office manipulado que provoca una corrupci\u00f3n de memoria, \"tambi\u00e9n conocida como vulnerabilidad de corrupci\u00f3n de memoria\"."
    }
  ],
  "id": "CVE-2009-2528",
  "lastModified": "2024-11-21T01:05:05.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.703",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-01-10 22:15
Modified
2024-11-21 07:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Office Visio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21737
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21737
Impacted products
Vendor Product Version
microsoft 365_apps -
microsoft office 2019
microsoft office_long_term_servicing_channel 2021
microsoft visio 2013
microsoft visio 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Office Visio"
    }
  ],
  "id": "CVE-2023-21737",
  "lastModified": "2024-11-21T07:43:32.473",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-10T22:15:17.600",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21737"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-02-10 22:30
Modified
2024-11-21 00:59
Severity ?
Summary
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-041A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2009/0391
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-041A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0391
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179
Impacted products
Vendor Product Version
microsoft visio 2002
microsoft visio 2003
microsoft visio 2007


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6C98FD6E-B9EA-4231-8127-31A8D2D25040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Memory Validation Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Visio 2002 SP2, 2003 SP3 y 2007 SP1 no valida adecuadamente los datos Object de los ficheros Visio, esto permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero manipulado. Tambi\u00e9n se conoce como \"Vulnerabilidad de Validaci\u00f3n de Memoria\"."
    }
  ],
  "id": "CVE-2009-0095",
  "lastModified": "2024-11-21T00:59:02.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-10T22:30:00.280",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/0391"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-02-10 22:30
Modified
2024-11-21 00:59
Severity ?
Summary
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-041A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2009/0391
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-041A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0391
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172
Impacted products
Vendor Product Version
microsoft visio 2002
microsoft visio 2003
microsoft visio 2007


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6C98FD6E-B9EA-4231-8127-31A8D2D25040",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka \"Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, y 2007 SP1 no realiza correctamente la copia de memoria para los datos de objetos, lo que permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de un documento de Visio manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria\""
    }
  ],
  "id": "CVE-2009-0096",
  "lastModified": "2024-11-21T00:59:02.847",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-10T22:30:00.313",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/0391"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6172"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft access 2010
microsoft access 2013
microsoft access 2016
microsoft excel 2010
microsoft excel 2013
microsoft excel 2016
microsoft office 2010
microsoft office 2013
microsoft office 2013
microsoft office 2016
microsoft office 2019
microsoft office_365_proplus -
microsoft outlook 2010
microsoft outlook 2013
microsoft outlook 2013
microsoft outlook 2016
microsoft powerpoint 2010
microsoft powerpoint 2013
microsoft powerpoint 2013
microsoft powerpoint 2016
microsoft project 2010
microsoft project 2013
microsoft project 2016
microsoft publisher 2010
microsoft publisher 2013
microsoft publisher 2016
microsoft visio 2010
microsoft visio 2013
microsoft visio 2016
microsoft word 2010
microsoft word 2013
microsoft word 2013
microsoft word 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:access:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "7122C5BF-C7C8-4B20-AACF-03F0ED83A7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3E995599-F698-4E73-9401-4CA47FADFCBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E42DC73-F1D0-47CD-BED8-DB2C6E044E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:-:*:*:*",
              "matchCriteriaId": "552E1557-D6FA-45DD-9B52-E13ACDBB8A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*",
              "matchCriteriaId": "C5282C83-86B8-442D-851D-B54E88E8B1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "F9A115C1-45EB-4688-AD7C-C1854850EE9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:*",
              "matchCriteriaId": "8D513A61-6427-4F85-AADF-99D6F223AF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "DDA98A76-D0D1-4BFA-BEAC-1C2313F7B859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:-:*:*:*",
              "matchCriteriaId": "F7F40F5A-E53D-430A-B3CA-8836288FE47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "36A1FA52-BFBD-4C88-9CBE-B68E55C75726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "39EA4DCC-AA3F-4E3B-8754-BF79B2FD8657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "33E26FF2-B80D-4C64-B9D5-ED0DE4BF3B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AA3A3C2-DB00-4095-B445-5A5041EB3194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "78E9611F-1DE1-4FB2-9C70-16602FFC73C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EB39B6EE-BC01-4D21-A3D8-CDDA268C55FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3AA120-CE06-40A3-ADC4-C42077509287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "ED0408B6-4FB5-45E9-AD27-301FC383152D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",
              "matchCriteriaId": "D7A48E44-F01A-40AD-B8AF-8FE368248003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka \u0027Microsoft Office Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0991."
    },
    {
      "lang": "es",
      "value": "Hay una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota cuando Microsoft Office carga inapropiadamente bibliotecas de tipos arbitrarios, tambi\u00e9n se conoce como \"Microsoft Office Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-0991."
    }
  ],
  "id": "CVE-2020-0760",
  "lastModified": "2024-11-21T04:54:09.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T15:15:13.777",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-06-12 19:30
Modified
2024-11-21 00:27
Severity ?
Summary
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
References
secure@microsoft.comhttp://osvdb.org/35342
secure@microsoft.comhttp://secunia.com/advisories/25619
secure@microsoft.comhttp://www.securityfocus.com/archive/1/471947/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/471947/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/24349
secure@microsoft.comhttp://www.securitytracker.com/id?1018227
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA07-163A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2007/2150
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/34607
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/35342
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25619
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24349
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018227
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-163A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2150
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/34607
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925
Impacted products
Vendor Product Version
microsoft visio 2002


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E24DF34-F4A8-4C28-9593-F019FE3E3BA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Microsoft Visio 202 permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo de Visio (.VSD, .VSS, .VST) con un n\u00famero de versi\u00f3n manipulado que dispara una corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2007-0934",
  "lastModified": "2024-11-21T00:27:06.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-12T19:30:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/35342"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/25619"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/24349"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018227"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/2150"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34607"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-04-08 23:05
Modified
2024-11-21 00:43
Severity ?
Summary
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
References
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=120845064910729&w=2
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=120845064910729&w=2
secure@microsoft.comhttp://secunia.com/advisories/29691Patch, Vendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/bid/28556Patch
secure@microsoft.comhttp://www.securitytracker.com/id?1019804
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-099A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/1143/references
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/41452
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5344
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=120845064910729&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=120845064910729&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29691Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28556Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019804
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-099A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1143/references
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/41452
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5344
Impacted products
Vendor Product Version
microsoft office 2003
microsoft office 2003
microsoft office 2007
microsoft office 2007_sp1
microsoft office xp
microsoft visio 2002
microsoft visio 2003
microsoft visio 2003_sp3
microsoft visio 2007
microsoft visio 2007_sp1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4142D44F-26F2-467B-A7DE-00239C0013D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9D02D769-061D-44A5-B019-F4E653DF615A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6FBEFBED-72F3-447B-8164-9E5C16828484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003_sp3:*:*:*:*:*:*:*",
              "matchCriteriaId": "70415FAE-E313-4F76-961D-A259651CFC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27CD3D6-9893-4522-B70F-F69A6E4A9CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "344E501A-B7A4-4309-AD7A-CA7A8A05D82D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka \"Visio Memory Validation Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Microsoft Visio 2002 SP2, 2003 SP2 y SP3, y 2007 hasta SP1, que permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un un archivo .DXF manipulado. Tambi\u00e9n conocida como \"Vulnerabilidad de Validaci\u00f3n de Memoria en Visio\"."
    }
  ],
  "id": "CVE-2008-1090",
  "lastModified": "2024-11-21T00:43:39.323",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-08T23:05:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29691"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28556"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1019804"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/1143/references"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41452"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1143/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5344"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-10-10 22:07
Modified
2024-11-21 00:14
Severity ?
Summary
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
References
secure@microsoft.comhttp://secunia.com/advisories/22339Vendor Advisory
secure@microsoft.comhttp://securitytracker.com/id?1017034
secure@microsoft.comhttp://secway.org/advisory/AD20061010.txt
secure@microsoft.comhttp://support.microsoft.com/kb/922581
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/176556US Government Resource
secure@microsoft.comhttp://www.osvdb.org/29429
secure@microsoft.comhttp://www.securityfocus.com/archive/1/448268/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/449179/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/449179/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/20384
secure@microsoft.comhttp://www.vupen.com/english/advisories/2006/3981Vendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22339Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017034
af854a3a-2127-422b-91ae-364da2661108http://secway.org/advisory/AD20061010.txt
af854a3a-2127-422b-91ae-364da2661108http://support.microsoft.com/kb/922581
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/176556US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/29429
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/448268/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/449179/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/449179/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20384
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3981Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632
Impacted products
Vendor Product Version
microsoft office 2000
microsoft office 2003
microsoft office 2003
microsoft office 2004
microsoft office v.x
microsoft office xp
microsoft project 2000
microsoft project 2002
microsoft visio 2002


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4EED9D78-AE73-44BA-A1CE-603994E92E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*",
              "matchCriteriaId": "1A57804E-CD79-4431-AA97-0F85C2CE20C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "6F0EF69E-52BA-4D7C-B470-CB4A92DA7EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an \"array boundary condition\" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el mso.dll de Microsoft Office 2000, XP y 2003 y para el Microsoft PowerPoint 2000, XP y 2003, permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un registro mal formado en ficheros (1) .DOC, (2) .PPT o (3) .XLS lo que dispara una corrupci\u00f3n de memoria relacionado con \"la condici\u00f3n de l\u00edmite del array\" (posiblemente un desbordamiento del \u00edndice del array), una vulnerabilidad diferente que CVE-2006-3434, CVE-2006-3650, y CVE-2006-3868."
    }
  ],
  "id": "CVE-2006-3864",
  "lastModified": "2024-11-21T00:14:36.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-10-10T22:07:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22339"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1017034"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secway.org/advisory/AD20061010.txt"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://support.microsoft.com/kb/922581"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/176556"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.osvdb.org/29429"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/448268/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/20384"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3981"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secway.org/advisory/AD20061010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.microsoft.com/kb/922581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/176556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/448268/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-06-16 01:59
Modified
2024-11-21 02:49
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
References
secure@microsoft.comhttp://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.htmlThird Party Advisory, VDB Entry
secure@microsoft.comhttp://seclists.org/fulldisclosure/2016/Jun/32Mailing List, Third Party Advisory
secure@microsoft.comhttp://www.securityfocus.com/archive/1/538685/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.securitytracker.com/id/1036093Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070Patch, Vendor Advisory
secure@microsoft.comhttps://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2016/Jun/32Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538685/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036093Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.htmlExploit, Third Party Advisory
Impacted products
Vendor Product Version
microsoft visio 2007
microsoft visio 2010
microsoft visio 2013
microsoft visio 2016
microsoft visio_viewer 2007
microsoft visio_viewer 2010


To clipboard 

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Office OLE DLL Side Loading Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "387D78BD-2368-4525-BFC2-52149585E1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "ED0408B6-4FB5-45E9-AD27-301FC383152D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio_viewer:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4E480F86-60A0-4662-9262-CBC94C62A8F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio_viewer:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "B063DF85-AF5F-484B-AB6F-7B51FC42189F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Microsoft Office OLE DLL Side Loading Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3 y Visio Viewer 2010 no maneja adecuadamente la carga de librer\u00edas, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, tambi\u00e9n conocida como \"Microsoft Office OLE DLL Side Loading Vulnerability.\""
    }
  ],
  "id": "CVE-2016-3235",
  "lastModified": "2024-11-21T02:49:38.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-16T01:59:36.983",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Jun/32"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/538685/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036093"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Jun/32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/538685/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-01-10 22:15
Modified
2024-11-21 07:43
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Summary
Microsoft Office Visio Information Disclosure Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21741
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21741
Impacted products
Vendor Product Version
microsoft 365_apps -
microsoft office 2019
microsoft office_long_term_servicing_channel 2021
microsoft visio 2013
microsoft visio 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Visio Information Disclosure Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Microsoft Office Visio"
    }
  ],
  "id": "CVE-2023-21741",
  "lastModified": "2024-11-21T07:43:33.080",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-10T22:15:17.790",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21741"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-11 16:15
Modified
2024-11-21 05:57
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Visio Security Feature Bypass Vulnerability
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft 365_apps -
microsoft office 2019
microsoft visio 2010
microsoft visio 2013
microsoft visio 2016


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*",
              "matchCriteriaId": "C5282C83-86B8-442D-851D-B54E88E8B1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "ED0408B6-4FB5-45E9-AD27-301FC383152D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Visio Security Feature Bypass Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una Vulnerabilidad de Omisi\u00f3n de la Caracter\u00edstica de Seguridad de Microsoft Visio"
    }
  ],
  "id": "CVE-2021-27055",
  "lastModified": "2024-11-21T05:57:15.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-03-11T16:15:17.333",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web 2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen WMF, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de entero GDI+ WMF\""
    }
  ],
  "id": "CVE-2009-2500",
  "lastModified": "2024-11-21T01:05:01.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.327",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-05-15 03:36
Modified
2024-11-21 01:49
Severity ?
Summary
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/ncas/alerts/TA13-134AThird Party Advisory, US Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/ncas/alerts/TA13-134AThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750
Impacted products
Vendor Product Version
microsoft visio 2003
microsoft visio 2007
microsoft visio 2010


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "387D78BD-2368-4525-BFC2-52149585E1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "309E4A2E-60B9-4F68-BAC6-7BC997849B19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka \"XML External Entities Resolution Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Visio 2003 SP3 2007 SP3, y 2010 SP1 permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante un documento XML conteniendo una declaraci\u00f3n de entidad externa junto con una referencia de entidad, tambi\u00e9n conocido como \"Vulnerabilidad de resluci\u00f3n de entidad XML externa\""
    }
  ],
  "id": "CVE-2013-1301",
  "lastModified": "2024-11-21T01:49:17.817",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-05-15T03:36:33.410",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-02-10 16:00
Modified
2024-11-21 01:23
Severity ?
Summary
ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://osvdb.org/70829
secure@microsoft.comhttp://secunia.com/advisories/43254
secure@microsoft.comhttp://www.securityfocus.com/bid/46138
secure@microsoft.comhttp://www.securitytracker.com/id?1025043
secure@microsoft.comhttp://www.vupen.com/english/advisories/2011/0321
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/64924
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/70829
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43254
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/46138
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025043
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0321
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/64924
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469
Impacted products
Vendor Product Version
microsoft visio 2002
microsoft visio 2003
microsoft visio 2007


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E822A55C-0440-4622-9284-A5DF70D49C63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka \"Visio Data Type Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "ELEMENTS.DLL en Microsoft Visio 2002 SP2, 2003 SP3, y 2007 SP2 no parsea adecuadamente estructuras durante la apertura de un archivo Visio lo que permite que atacantes remotos ejectuten c\u00f3digo de su elecci\u00f3n a trav\u00e9s de archivos que contienen una estructura malformadas, tambi\u00e9n conocido como \"Visio Data Type Memory Corruption Vulnerability.\""
    }
  ],
  "id": "CVE-2011-0093",
  "lastModified": "2024-11-21T01:23:19.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-10T16:00:31.863",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/70829"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/43254"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/46138"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025043"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2011/0321"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64924"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12469"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-02-03 01:28
Modified
2024-11-21 00:26
Severity ?
Summary
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
References
secure@microsoft.comhttp://osvdb.org/31901
secure@microsoft.comhttp://secunia.com/advisories/24008Vendor Advisory
secure@microsoft.comhttp://securitytracker.com/id?1017584
secure@microsoft.comhttp://vil.nai.com/vil/content/v_141393.htm
secure@microsoft.comhttp://www.avertlabs.com/research/blog/?p=191
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/613740US Government Resource
secure@microsoft.comhttp://www.microsoft.com/technet/security/advisory/932553.mspxVendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/bid/22383
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA07-044A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2007/0463Vendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/32178
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/31901
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24008Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017584
af854a3a-2127-422b-91ae-364da2661108http://vil.nai.com/vil/content/v_141393.htm
af854a3a-2127-422b-91ae-364da2661108http://www.avertlabs.com/research/blog/?p=191
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/613740US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.microsoft.com/technet/security/advisory/932553.mspxVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22383
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0463Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/32178
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301
Impacted products
Vendor Product Version
microsoft access 2000
microsoft access 2002
microsoft access 2003
microsoft excel 2000
microsoft excel 2002
microsoft excel 2003
microsoft excel 2004
microsoft excel_viewer 2003
microsoft frontpage 2000
microsoft frontpage 2002
microsoft frontpage 2003
microsoft infopath 2003
microsoft office 2000
microsoft office 2003
microsoft office 2004
microsoft office xp
microsoft onenote 2003
microsoft outlook 2000
microsoft outlook 2002
microsoft outlook 2003
microsoft powerpoint 2000
microsoft powerpoint 2002
microsoft powerpoint 2003
microsoft powerpoint 2004
microsoft project 2000
microsoft project 2002
microsoft project 2003
microsoft publisher 2000
microsoft publisher 2002
microsoft publisher 2003
microsoft visio 2002
microsoft visio 2003
microsoft word 2000
microsoft word 2002
microsoft word 2003
microsoft word_viewer 2003


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D7BA07-3BCA-41CF-B5D3-341E912650A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DFFFF4-EA09-48C5-A600-A62C1A1A7360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC4AE5AF-C83E-4802-B75C-0058742A4997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "F55D42D5-7371-47C2-BF55-B7F51C19B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "CE1A1218-8033-4F3C-B8D7-7D1D61A273E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C6629C-BF53-49A1-B32C-A828CA0A0500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E392539-ABF6-4B5C-AEC3-C54B51E0DB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "794FCFBF-2D55-4ECE-825E-180616DB35FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "6F0EF69E-52BA-4D7C-B470-CB4A92DA7EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "95648599-D3B3-4043-821C-D385FB7A77CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEBFF713-0884-43BF-9AB8-777664FD64AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de vectores de ataque desconocidos, como es demostrado por el archivo Exploit-MSExcel.h en ataques de d\u00eda cero dirigidos."
    }
  ],
  "id": "CVE-2007-0671",
  "lastModified": "2024-11-21T00:26:27.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-02-03T01:28:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/31901"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24008"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1017584"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://vil.nai.com/vil/content/v_141393.htm"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.avertlabs.com/research/blog/?p=191"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/613740"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/22383"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0463"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/31901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://vil.nai.com/vil/content/v_141393.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.avertlabs.com/research/blog/?p=191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/613740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-08-10 21:55
Modified
2024-11-21 01:27
Severity ?
Summary
Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA11-221A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12659
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA11-221A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12659
Impacted products
Vendor Product Version
microsoft visio 2003
microsoft visio 2007


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "553ADEFC-11EC-4E29-8A95-4AF59DB6CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E822A55C-0440-4622-9284-A5DF70D49C63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Move Around the Block RCE Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Visio 2003 SP3 y 2007 SP2 no valida apropiadamente objetos en memoria durante el \"parseo\" de archivos Visio, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo modificado. Tambi\u00e9n conocida como \"Move Around the Block RCE Vulnerability\"."
    }
  ],
  "id": "CVE-2011-1979",
  "lastModified": "2024-11-21T01:27:25.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-08-10T21:55:02.047",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12659"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}