Information Assurance Vulnerability Management (IAVM) id Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."įailure to Constrain Operations within the Bounds of a Memory Buffer NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026. 0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: some of these details are obtained from third party information.īuffer overflow in msjet40.dll before. Microsoft Word 2000 9.0.28 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted. doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb" issue. Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |