A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scrip ...
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scriptin ...
The host is installed with Microsoft Office 2007 or Microsoft Works 6-9 File Converter or Microsoft Works 9 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly validate the .wps file format when parsing a specially crafted file. Successful exploitation allows remote attackers to execute arbitrary code.
The host is installed Microsoft Visio Viewer 2010 Gold or SP1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle specially crafted visio files. Successful exploitation could allow attackers to execute arbitrary code.
The host is installed with Microsoft Office 2007 SP2/SP3 or Office 2010 and is prone to remote code execution vulnerability. A flaw is present in the in Microsoft Office, which fails to handle a specially crafted Computer Graphics Metafile (CGM) graphics file into an Office file. Successful exploitation could allow an attacker to gain the same user rights as the local user and take complete contro ...
The host is installed with Microsoft visio 2010 SP1 or Visio viewer 2010 SP1 and is prone to remote code execution vulnerability. A flaw is present in the in Microsoft Office, which fails to handle a specially crafted Visio file. Successful exploitation could allow an attacker to gain the same user rights as the local user and take complete control of an affected system.
The host is installed with Microsoft OneNote 2010 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly validate a buffer size. Successful exploitation allows attackers to read arbitrary data in memory.
The host is installed with Microsoft Visio 2010, Visio Viewer 2010 or Office 2010 Filter pack and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle memory when parsing specially crafted Visio files. Successful exploitation allows attackers to run arbitrary code in the context of the current user.
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."