CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Powerpoint » 2002 SP3 : Security Vulnerabilities

Cpe Name:cpe:/a:microsoft:powerpoint:2002:sp3
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-1270 119 Exec Code Overflow 2011-05-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
2 CVE-2011-1269 20 Exec Code Mem. Corr. 2011-05-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability."
3 CVE-2011-0656 20 DoS Exec Code Mem. Corr. 2011-04-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka "Persist Directory RCE Vulnerability."
4 CVE-2010-2573 189 Exec Code 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
5 CVE-2010-2572 119 Exec Code Overflow 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
6 CVE-2010-0032 94 Exec Code 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
7 CVE-2010-0031 94 Exec Code 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
8 CVE-2010-0030 119 Exec Code Overflow 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
9 CVE-2010-0029 119 Exec Code Overflow 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
10 CVE-2009-0556 94 Exec Code Mem. Corr. 2009-04-03 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
11 CVE-2006-3449 Exec Code Overflow 2006-08-08 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
12 CVE-2006-0022 Exec Code Mem. Corr. 2006-06-13 2018-10-12
7.6
Admin Remote High Not required Complete Complete Complete
Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
13 CVE-2004-0848 Exec Code Overflow 2005-02-08 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
Total number of vulnerabilities : 13   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.