Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 1999-01-01 |
| Product | Project | Last view | 2020-06-09 |
| Version | 2000 | Type | |
| Update | sr1 | ||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2020-06-09 | CVE-2020-1322 | An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'. |
| 8.8 | 2020-04-15 | CVE-2020-0760 | A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. |
| 7.8 | 2019-09-11 | CVE-2019-1264 | A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'. |
| 7.8 | 2018-11-13 | CVE-2018-8575 | A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server. |
| 9.3 | 2015-11-11 | CVE-2015-2503 | Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability." |
| 9.3 | 2009-10-14 | CVE-2009-3126 | Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability." |
| 9.3 | 2009-10-14 | CVE-2009-2528 | GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability." |
| 9.3 | 2009-10-14 | CVE-2009-2504 | Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability." |
| 9.3 | 2009-10-14 | CVE-2009-2503 | GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability." |
| 9.3 | 2009-10-14 | CVE-2009-2502 | Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability." |
| 9.3 | 2009-10-14 | CVE-2009-2501 | Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability." |
| 9.3 | 2009-10-14 | CVE-2009-2500 | Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability." |
| 8.5 | 2008-12-10 | CVE-2008-4256 | The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." |
| 9.3 | 2008-12-10 | CVE-2008-4255 | Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." |
| 8.5 | 2008-12-10 | CVE-2008-4254 | Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability." |
| 8.5 | 2008-12-10 | CVE-2008-4253 | The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." |
| 8.5 | 2008-12-10 | CVE-2008-4252 | The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." |
| 9.3 | 2008-04-08 | CVE-2008-1088 | Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations." |
| 9.3 | 2007-02-02 | CVE-2007-0671 | Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. |
| 9.3 | 2006-10-10 | CVE-2006-3877 | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. |
| 9.3 | 2006-10-10 | CVE-2006-3864 | Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868. |
| 7.5 | 2005-08-19 | CVE-2005-2127 | Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability." |
| 7.5 | 2005-02-08 | CVE-2004-0848 | Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. |
| 9.3 | 2004-09-28 | CVE-2004-0200 | Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. |
| 10 | 2003-10-20 | CVE-2003-0347 | Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 21% (4) | CWE-189 | Numeric Errors |
| 21% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 21% (4) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 15% (3) | CWE-399 | Resource Management Errors |
| 10% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 5% (1) | CWE-125 | Out-of-bounds Read |
| 5% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:4307 | GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2002) |
| oval:org.mitre.oval:def:4216 | GDI+ JPEG Parsing Engine Buffer Overflow (IE6) |
| oval:org.mitre.oval:def:4003 | GDI+ JPEG Parsing Engine Buffer Overflow (Windows XP) |
| oval:org.mitre.oval:def:3881 | GDI+ JPEG Parsing Engine Buffer Overflow (Office XP,SP2) |
| oval:org.mitre.oval:def:3810 | GDI+ JPEG Parsing Engine Buffer Overflow (Project 2003) |
| oval:org.mitre.oval:def:3320 | GDI+ JPEG Parsing Engine Buffer Overflow Microsoft Office Visio Pro 2003 |
| oval:org.mitre.oval:def:3082 | GDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2002) |
| oval:org.mitre.oval:def:3038 | GDI+ JPEG Parsing Engine Buffer Overflow (Project 2002,SP1) |
| oval:org.mitre.oval:def:2706 | GDI+ JPEG Parsing Engine Buffer Overflow (Office 2003) |
| oval:org.mitre.oval:def:1721 | GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2003) |
| oval:org.mitre.oval:def:1105 | GDI+ JPEG Parsing Engine Buffer Overflow (Server 2003) |
| oval:org.mitre.oval:def:4022 | Office XP URL Buffer Overflow |
| oval:org.mitre.oval:def:2738 | Microsoft Office Visio Professional URL Buffer Overflow |
| oval:org.mitre.oval:def:2348 | Windows Project Professional URL Buffer Overflow |
| oval:org.mitre.oval:def:1538 | Win2K/XP,SP1 DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:1535 | Win2k,SP4 DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:1468 | WinXP,SP2 DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:1464 | Server 2003,SP1 DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:1454 | Server 2003 DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:1155 | WinXP,SP1 (64-bit) DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:632 | Office Malformed Record Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:568 | PowerPoint Malformed Record Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:220 | Microsoft PowerPoint Malformed Record Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:301 | Excel Malformed Record Vulnerability |
| oval:org.mitre.oval:def:5384 | Project Memory Validation Vulnerability |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Office Art Property Table Memory Corruption | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 58869 | Microsoft Office Malformed Object Handling Memory Corruption Arbitrary Code E... |
| 58868 | Microsoft Multiple Products GDI+ PNG Image Handling Integer Overflow |
| 58867 | Microsoft Multiple Products GDI+ .NET API Code Execution Privilege Escalation |
| 58866 | Microsoft Multiple Products GDI+ TIFF Image Handling Memory Corruption Arbitr... |
| 58865 | Microsoft Multiple Products GDI+ TIFF Image Handling Overflow |
| 58864 | Microsoft Multiple Products GDI+ PNG Image Handling Heap Overflow |
| 58863 | Microsoft Multiple Products GDI+ WMF Image Handling Overflow |
| 50581 | Microsoft Visual Basic Charts Control ActiveX (Mschrt20.ocx) Unspecified Memo... |
| 50580 | Microsoft Visual Basic Animation ActiveX (mscomct2.ocx) AVI Parsing Memory Co... |
| 50579 | Microsoft Visual Basic Hierarchical FlexGrid ActiveX (mshflxgd.ocx) Multiple ... |
| 50578 | Microsoft Visual Basic FlexGrid ActiveX (msflxgrd.ocx) Unspecified Memory Cor... |
| 50577 | Microsoft Visual Basic DataGrid ActiveX (msdatgrd.ocx) Unspecified Memory Cor... |
| 44212 | Microsoft Project File Handling Unspecified Arbitrary Code Execution |
| 31901 | Microsoft Office Unspecified String Handling Arbitrary Code Execution |
| 29448 | Microsoft PowerPoint Crafted File Unspecified Code Execution |
| 29429 | Microsoft Office mso.dll Malformed Record Handling Arbitrary Code Execution |
| 19093 | Microsoft Design Tools msdds.dll COM Object Arbitrary Code Execution |
| 13594 | Microsoft Office XP URL Overflow |
| 12652 | Microsoft Visual Basic for Applications (VBA) VBE.DLL and VBE6.DLL Long ID Ov... |
| 10993 | Visual Basic for Applications Forms ActiveX Control Arbitrary Clipboard Conte... |
| 9951 | Microsoft Multiple Products GDIPlus.dll JPEG Processing Overflow |
| 3008 | Microsoft IE OWC Cut/Paste Data Read and Injection |
| 3007 | Microsoft IE OWC LoadText Read Arbitrary File |
| 3006 | Microsoft IE OWC Script Execution |
| 2692 | Microsoft Windows Design Tools MDT2DD.DLL COM Object Memory Corruption Comman... |
ExploitDB Exploits
| id | Description |
|---|---|
| 7431 | Microsoft Visual Basic ActiveX Controls mscomct2.ocx Buffer Overflow PoC |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-10-21 | Name : Microsoft Products GDI Plus Code Execution Vulnerabilities (957488) File : nvt/secpod_ms09-062.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2009-A-0099 | Multiple Vulnerabilities in Microsoft GDI+ Severity: Category I - VMSKEY: V0021759 |
| 2009-B-0009 | Microsoft Security Update of ActiveX Kill Bits Severity: Category I - VMSKEY: V0018406 |
| 2008-A-0088 | Multiple Vulnerabilities in Microsoft Visual Basic 6.0 Severity: Category II - VMSKEY: V0017907 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Forms 2.0 ComboBox ActiveX CLSID unicode access RuleID : 7955 - Type : WEB-ACTIVEX - Revision : 7 |
| 2014-01-10 | Microsoft Forms 2.0 ComboBox ActiveX clsid access RuleID : 7954 - Type : BROWSER-PLUGINS - Revision : 12 |
| 2014-01-10 | Microsoft Office Data Source Control 10.0 ActiveX clsid unicode access RuleID : 7877 - Type : WEB-ACTIVEX - Revision : 10 |
| 2014-01-10 | Microsoft Office Data Source Control 10.0 ActiveX clsid access RuleID : 7876 - Type : BROWSER-PLUGINS - Revision : 18 |
| 2014-01-10 | Microsoft Office PivotTable 10.0 ActiveX CLSID unicode access RuleID : 7875 - Type : WEB-ACTIVEX - Revision : 7 |
| 2014-01-10 | Microsoft Office PivotTable 10.0 ActiveX clsid access RuleID : 7874 - Type : BROWSER-PLUGINS - Revision : 12 |
| 2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX clsid unicode access RuleID : 7873 - Type : WEB-ACTIVEX - Revision : 9 |
| 2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX clsid access RuleID : 7872 - Type : BROWSER-PLUGINS - Revision : 17 |
| 2014-01-10 | Microsoft Multiple Products malformed PNG detected tEXt overflow attempt RuleID : 6700 - Type : FILE-IMAGE - Revision : 20 |
| 2019-08-27 | Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt RuleID : 50798 - Type : FILE-IMAGE - Revision : 1 |
| 2014-01-10 | Microsoft Internet Explorer WMI ASDI Extension ActiveX object access RuleID : 4236 - Type : BROWSER-PLUGINS - Revision : 16 |
| 2014-01-10 | Microsoft Internet Explorer Helper Object for Java ActiveX object access RuleID : 4235 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer MSVTDGridCtrl7 ActiveX object access RuleID : 4234 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer Visual Database Tools Query Designer v7.0 ActiveX... RuleID : 4233 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer SysTray Invoker ActiveX object access RuleID : 4232 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer SysTray ActiveX object access RuleID : 4231 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer Search Assistant UI ActiveX object access RuleID : 4230 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer MSAPP Export Support for Office Access ActiveX ob... RuleID : 4229 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Windows Start Menu ActiveX object access RuleID : 4228 - Type : BROWSER-PLUGINS - Revision : 14 |
| 2014-01-10 | Microsoft Internet Explorer Network Connections ActiveX object access RuleID : 4227 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer DocHost User Interface Handler ActiveX object access RuleID : 4226 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer Repository ActiveX object access RuleID : 4225 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer VideoPort ActiveX object access RuleID : 4224 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer OpenCable Class ActiveX object access RuleID : 4223 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer Outllib.dll ActiveX object access RuleID : 4222 - Type : BROWSER-PLUGINS - Revision : 15 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-11-10 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms15-116.nasl - Type: ACT_GATHER_INFO |
| 2014-03-10 | Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r... File: smb_kb957488.nasl - Type: ACT_GATHER_INFO |
| 2009-10-15 | Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r... File: smb_nt_ms09-062.nasl - Type: ACT_GATHER_INFO |
| 2009-02-11 | Name: The remote Windows host is missing a security update containing ActiveX kill ... File: smb_kb_960715.nasl - Type: ACT_GATHER_INFO |
| 2008-12-10 | Name: Arbitrary code can be executed on the remote host through the web client. File: smb_nt_ms08-070.nasl - Type: ACT_GATHER_INFO |
| 2008-04-11 | Name: Arbitrary code can be executed on the remote host through Microsoft Project. File: smb_nt_ms08-018.nasl - Type: ACT_GATHER_INFO |
| 2007-02-13 | Name: An application installed on the remote Mac OS X host is affected by multiple ... File: macosx_ms_office_feb2006.nasl - Type: ACT_GATHER_INFO |
| 2007-02-13 | Name: Arbitrary code can be executed on the remote host through Microsoft Office. File: smb_nt_ms07-015.nasl - Type: ACT_GATHER_INFO |
| 2006-10-11 | Name: An application installed on the remote Mac OS X host is affected by multiple ... File: macosx_ms_office_oct2006.nasl - Type: ACT_GATHER_INFO |
| 2006-10-10 | Name: Arbitrary code can be executed on the remote host through Microsoft PowerPoint. File: smb_nt_ms06-058.nasl - Type: ACT_GATHER_INFO |
| 2006-10-10 | Name: Arbitrary code can be executed on the remote host through Microsoft Office. File: smb_nt_ms06-062.nasl - Type: ACT_GATHER_INFO |
| 2005-10-11 | Name: Arbitrary code can be executed on the remote host through the web client. File: smb_nt_ms05-052.nasl - Type: ACT_GATHER_INFO |
| 2005-02-09 | Name: Arbitrary code can be executed on the remote host through the Office client. File: smb_nt_ms05-005.nasl - Type: ACT_GATHER_INFO |
| 2004-09-28 | Name: The remote host may have been compromised File: radmin_port_10002.nasl - Type: ACT_GATHER_INFO |
| 2004-09-24 | Name: It is possible to log into the remote host without a password. File: smb_login_as_x.nasl - Type: ACT_GATHER_INFO |
| 2004-09-14 | Name: Arbitrary code can be executed on the remote host. File: smb_nt_ms04-028.nasl - Type: ACT_GATHER_INFO |
| 2003-09-04 | Name: Arbitrary code can be executed on the remote host through VBA. File: smb_nt_ms03-037.nasl - Type: ACT_GATHER_INFO |
