# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
5051 |
CVE-2008-2321 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-08-03 |
2017-08-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments." |
5052 |
CVE-2008-2308 |
264 |
|
DoS +Priv Mem. Corr. |
2008-07-01 |
2017-08-07 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. |
5053 |
CVE-2008-2307 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-06-23 |
2011-03-15 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. |
5054 |
CVE-2008-2258 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-08-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257. |
5055 |
CVE-2008-2257 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-08-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258. |
5056 |
CVE-2008-2256 |
20 |
|
DoS Exec Code Mem. Corr. |
2008-08-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability." |
5057 |
CVE-2008-2255 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-08-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability." |
5058 |
CVE-2008-2254 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-08-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability." |
5059 |
CVE-2008-2252 |
264 |
|
+Priv Mem. Corr. |
2008-10-14 |
2019-10-09 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability." |
5060 |
CVE-2008-2111 |
399 |
|
Exec Code Mem. Corr. |
2008-05-07 |
2017-08-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption. |
5061 |
CVE-2008-2009 |
|
|
DoS Exec Code Mem. Corr. |
2008-05-16 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function. |
5062 |
CVE-2008-1942 |
20 |
|
DoS Exec Code Mem. Corr. |
2008-04-25 |
2017-08-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186. |
5063 |
CVE-2008-1927 |
399 |
|
DoS Mem. Corr. |
2008-04-24 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. |
5064 |
CVE-2008-1807 |
189 |
|
Exec Code Mem. Corr. |
2008-06-16 |
2018-10-11 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. |
5065 |
CVE-2008-1769 |
399 |
|
DoS Mem. Corr. |
2008-04-25 |
2017-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. |
5066 |
CVE-2008-1762 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-04-12 |
2017-08-07 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. |
5067 |
CVE-2008-1739 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-09-03 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. |
5068 |
CVE-2008-1722 |
20 |
|
DoS Overflow Mem. Corr. |
2008-04-10 |
2018-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. |
5069 |
CVE-2008-1690 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-04-07 |
2017-08-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information. |
5070 |
CVE-2008-1590 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-07-14 |
2017-08-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317. |
5071 |
CVE-2008-1582 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-06-10 |
2017-08-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. |
5072 |
CVE-2008-1577 |
|
|
DoS Exec Code Mem. Corr. |
2008-06-02 |
2017-08-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues." |
5073 |
CVE-2008-1575 |
399 |
|
Exec Code Mem. Corr. |
2008-06-02 |
2017-08-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. |
5074 |
CVE-2008-1530 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-03-27 |
2017-08-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs." |
5075 |
CVE-2008-1455 |
399 |
|
Exec Code Overflow Mem. Corr. |
2008-08-12 |
2018-10-30 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability." |
5076 |
CVE-2008-1442 |
119 |
|
Exec Code Overflow Mem. Corr. |
2008-06-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability." |
5077 |
CVE-2008-1434 |
399 |
|
Exec Code Mem. Corr. |
2008-05-13 |
2018-10-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption. |
5078 |
CVE-2008-1367 |
399 |
|
Mem. Corr. |
2008-03-17 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. |
5079 |
CVE-2008-1340 |
399 |
|
DoS Mem. Corr. |
2008-03-19 |
2018-10-11 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption." |
5080 |
CVE-2008-1097 |
399 |
|
DoS Exec Code Overflow Mem. Corr. |
2008-03-05 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. |
5081 |
CVE-2008-1086 |
94 |
|
Exec Code Mem. Corr. |
2008-04-08 |
2018-10-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. |
5082 |
CVE-2008-1085 |
94 |
|
Exec Code Mem. Corr. |
2008-04-08 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler. |
5083 |
CVE-2008-1035 |
94 |
|
Exec Code Mem. Corr. |
2008-06-03 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier. |
5084 |
CVE-2008-1024 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-04-17 |
2017-08-07 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. |
5085 |
CVE-2008-1016 |
94 |
|
Exec Code Mem. Corr. |
2008-04-04 |
2017-08-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption. |
5086 |
CVE-2008-0859 |
399 |
|
DoS Mem. Corr. |
2008-02-20 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption. |
5087 |
CVE-2008-0726 |
189 |
|
Exec Code Overflow Mem. Corr. |
2008-02-12 |
2018-10-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. |
5088 |
CVE-2008-0419 |
399 |
|
DoS Mem. Corr. |
2008-02-08 |
2018-10-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. |
5089 |
CVE-2008-0413 |
399 |
|
DoS Mem. Corr. |
2008-02-08 |
2018-10-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors. |
5090 |
CVE-2008-0412 |
399 |
|
DoS Mem. Corr. |
2008-02-08 |
2018-10-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors. |
5091 |
CVE-2008-0387 |
189 |
|
Exec Code Overflow Mem. Corr. |
2008-01-28 |
2018-10-26 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. |
5092 |
CVE-2008-0324 |
399 |
|
DoS Mem. Corr. |
2008-01-16 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. |
5093 |
CVE-2008-0122 |
189 |
|
DoS Exec Code Mem. Corr. |
2008-01-15 |
2019-08-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. |
5094 |
CVE-2008-0121 |
399 |
|
Exec Code Mem. Corr. |
2008-08-12 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability." |
5095 |
CVE-2008-0120 |
399 |
|
Exec Code Overflow Mem. Corr. |
2008-08-12 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability." |
5096 |
CVE-2008-0119 |
94 |
|
Exec Code Mem. Corr. |
2008-05-13 |
2018-10-15 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability." |
5097 |
CVE-2008-0118 |
94 |
|
Exec Code Mem. Corr. |
2008-03-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." |
5098 |
CVE-2008-0114 |
94 |
|
Exec Code Mem. Corr. |
2008-03-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. |
5099 |
CVE-2008-0113 |
94 |
|
Exec Code Mem. Corr. |
2008-03-11 |
2018-10-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability." |
5100 |
CVE-2008-0109 |
399 |
|
Exec Code Mem. Corr. |
2008-02-12 |
2018-10-15 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. |