RSS   Vulnerabilities for 'Works'   RSS

2012-10-09
 
CVE-2012-2550

CWE-119
 

 
Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability."

 
2012-04-10
 
CVE-2012-0177

CWE-119
 

 
Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."

 
2010-12-16
 
CVE-2010-3950

CWE-119
 

 
The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka "TIFF Image Converter Memory Corruption Vulnerability."

 
 
CVE-2010-3947

CWE-119
 

 
Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow Vulnerability."

 
2010-08-11
 
CVE-2010-1900

 

 
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability."

 
2009-10-14
 
CVE-2009-3126

CWE-189
 

 
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."

 
 
CVE-2009-2528

CWE-94
 

 
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

 
 
CVE-2009-2518

CWE-189
 

 
Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability."

 
2009-12-09
 
CVE-2009-2506

CWE-189
 

 
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.

 
2009-10-14
 
CVE-2009-2504

CWE-189
 

 
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."

 


Copyright 2019, cxsecurity.com

 

Back to Top