jetlib.sec » Tags » office

Feeds

133444 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

232 items tagged "office"

Related tags: avaya [+], visio [+], viewer [+], tiff [+], s system [+], office art [+], ip office [+], hijacking [+], group office [+], group [+], dll [+], tiff import [+], rtf file [+], flashpix [+], privawall [+], pict [+], microsoft photo editor [+], microsoft office xp [+], microsoft office 2007 [+], microsoft office 2003 [+], image [+], evasion [+], denial of service [+], command execution [+], antivirus office [+], antivirus [+], zdi [+], proof of concept [+], overflow [+], manager [+], image converter [+], home [+], forgery [+], feng [+], exploits [+], directory traversal vulnerability [+], art drawing [+], arbitrary code execution [+], arbitrary code [+], record [+], publisher [+], powerpoint [+], overflow vulnerability [+], office publisher [+], office documents [+], office 1 [+], microsoft office document [+], kingsoft [+], import filter [+], graphic filter [+], edrawsoft [+], edraw [+], doc [+], dang [+], converter [+], code [+], buffer overflow vulnerabilities [+], bruce dang [+], black hat [+], application [+], safer use [+], vulnerability [+], xls file [+], x buffer [+], service avaya [+], server [+], poc [+], office xp service pack 3 [+], office xp service pack [+], microsoft office powerpoint [+], microsoft office document imaging [+], manager tftp [+], invalid pointer [+], integer overflow vulnerability [+], document [+], cross [+], component version [+], buffer [+], audio [+], art [+], arduino [+], microsoft office [+], excel [+], code execution [+], zolsoft [+], zero day [+], windows [+], webapps [+], version 6 [+], usa [+], understanding [+], tiff images [+], stack overflow [+], sql injection [+], sql [+], security vulnerabilities [+], security posture [+], rop [+], rar [+], pdf [+], patches [+], overwrite [+], outlook [+], office server [+], office security [+], office of inspector general [+], mso [+], mscomctl [+], microsoft patches [+], microsoft office user [+], malware [+], mac [+], inspector general [+], input validation [+], htmldlghelper [+], heap corruption [+], exception [+], excel formula [+], e press [+], dhs [+], day [+], class memory [+], celframe [+], aug [+], asia [+], access [+], buffer overflow vulnerability [+], buffer overflow [+], zero [+], xls [+], xlb [+], wordperfect office [+], wordperfect [+], word html [+], word bookmarks [+], windows office [+], windowless office [+], window message [+], web [+], virtual presence [+], vigo [+], video [+], victim machine [+], vending machine [+], validation error [+], user [+], uninitialized pointer [+], ultra [+], twitter [+], traffic light [+], traffic [+], tpti [+], tourist advice [+], tourist [+], timer [+], thermistor [+], temperature probe [+], temperature monitoring [+], temperature [+], telecommuting employees [+], targeted [+], susan [+], suite 1 [+], suite [+], stream ciphers [+], stream [+], stop [+], sticky note [+], stack [+], spid [+], sip [+], seven segment displays [+], servo [+], service vulnerability [+], server directory [+], security technologies [+], security gate [+], screen [+], router [+], remote [+], real time data [+], read av [+], quicklook [+], python [+], public ip [+], property [+], projector [+], probe [+], presses [+], powerpoint viewer [+], pivottable [+], phone call [+], phone [+], pfragments [+], persistent [+], payload [+], payback [+], paul rea [+], overflow error [+], overflow code [+], operation payback [+], operation [+], office xp [+], office web components [+], office productivity suite [+], office mates [+], office changes [+], office case [+], office 2000 [+], ocx [+], news [+], new location [+], new clock [+], my own [+], multiple buffer overflow [+], monitoring system [+], misuse [+], microsoft windows [+], microsoft office web components [+], microsoft office communicator [+], microsoft excel 2002 [+], messenger [+], linux security [+], lighting [+], lhost [+], leds [+], led [+], laser printer [+], laptop stand [+], laptop [+], lan [+], jon howell [+], iphone [+], insertion [+], inch [+], holiday [+], heap [+], halloween [+], hackaday [+], groove [+], ghostbusters ii [+], gate [+], friend shares [+], friend [+], four holes [+], forensic approach [+], foreign office [+], foreign [+], foot traffic [+], foot [+], film ghostbusters [+], file conversion [+], file [+], exploit [+], excel user [+], eric filiol [+], eric [+], dsa [+], doorbell [+], don [+], dispenser [+], digital [+], decorate [+], debian linux [+], data validation [+], dangling pointer [+], dan [+], cve [+], crystal office [+], crystal [+], coworkers [+], could allow remote code execution [+], corel [+], core [+], control [+], conditioner [+], conditional expression [+], communicator [+], com [+], closer look [+], clock [+], clickonce [+], classic film [+], claims [+], cache data [+], bugtraq [+], borders [+], bof [+], biosphere [+], bigant [+], beta [+], beer dispenser [+], beer [+], avr chip [+], avaya ip office [+], attiny [+], art shape [+], art object [+], arnold worldwide [+], application execution [+], apple mac os x [+], apple mac os [+], air conditioner [+], air [+], activex control [+], activex [+], Support [+], General [+], BackTrack [+], office excel [+], microsoft office word [+], memory corruption [+], word [+], txt [+], based buffer overflow [+], microsoft [+], stack buffer [+], tiff image [+], hacks [+], rtf [+], critical vulnerability [+]

• May 10, 2012
• 0:00

  Vuln: PrivaWall Antivirus Office XML Format Evasion Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  PrivaWall Antivirus Office XML Format Evasion Security Bypass Vulnerability

  Tags:  office privawall antivirus antivirus-office evasion vulnerability  

• April 25, 2012
• 11:57

  MS12-027 MSCOMCTL ActiveX Buffer Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. This Metasploit module targets Office 2007 and Office 2010 targets. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which will load after office got load, so the malicious file must be loaded through "File / Open" to achieve exploitation.

  Tags:  office buffer mscomctl stack-buffer buffer-overflow rop  

• 11:57

  MS12-027 MSCOMCTL ActiveX Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. This Metasploit module targets Office 2007 and Office 2010 targets. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which will load after office got load, so the malicious file must be loaded through "File / Open" to achieve exploitation.

  Tags:  office buffer mscomctl stack-buffer buffer-overflow rop  

• April 19, 2012
• 0:00

  Vuln: Microsoft Office RTF File Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office RTF File Stack Buffer Overflow Vulnerability

  Tags:  rtf office microsoft buffer-overflow-vulnerability stack-buffer rtf-file  

• April 18, 2012
• 14:00

  [local exploits] - Office 2008 sp0 RTF Pfragments MAC exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Office 2008 sp0 RTF Pfragments MAC exploit

  Tags:  rtf exploit office mac exploits  

• 2:02

  Office 2008 SP0 RTF Pfragments MAC Exploit

   » ‎ Packet Storm Security Exploits
  Microsoft Office 2008 SP0 RTF Pfragments exploit for the Mac.

  Tags:  rtf office pfragments mac microsoft-office microsoft  

• April 12, 2012
• 8:36

  Crystal Office Suite 1.43 Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  Crystal Office Suite version 1.43 suffers from a buffer overflow vulnerability.

  Tags:  office suite crystal buffer-overflow-vulnerability crystal-office suite-1  

• March 21, 2012
• 0:00

  Vuln: PrivaWall Antivirus Office XML Format Evasion Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  PrivaWall Antivirus Office XML Format Evasion Security Bypass Vulnerability

  Tags:  office privawall antivirus antivirus-office evasion vulnerability  

• March 13, 2012
• 10:22

  PrivaWall Antivirus Office XML Format Evasion/Bypass

   » ‎ Packet Storm Security Advisories
  PrivaWall Antivirus suffers from an Office XML format evasion / bypass vulnerability. Versions 5.6 and below are affected.

  Tags:  office privawall antivirus antivirus-office evasion vulnerability  

• 10:22

  PrivaWall Antivirus Office XML Format Evasion/Bypass

   » ‎ Packet Storm Security Recent Files
  PrivaWall Antivirus suffers from an Office XML format evasion / bypass vulnerability. Versions 5.6 and below are affected.

  Tags:  office privawall antivirus antivirus-office evasion vulnerability  

• 10:22

  PrivaWall Antivirus Office XML Format Evasion/Bypass

   » ‎ Packet Storm Security Misc. Files
  PrivaWall Antivirus suffers from an Office XML format evasion / bypass vulnerability. Versions 5.6 and below are affected.

  Tags:  office privawall antivirus antivirus-office evasion vulnerability  

• 9:00

  Bugtraq: PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability

  Tags:  office privawall antivirus antivirus-office evasion vulnerability  

• January 31, 2012
• 14:00

  [dos / poc] - EdrawSoft Office Viewer Component ActiveX 5.6 BoF PoC

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - EdrawSoft Office Viewer Component ActiveX 5.6 BoF PoC

  Tags:  poc office edrawsoft  

• 7:55

  EdrawSoft Office Viewer Component ActiveX 5.6 Buffer Overflow

   » ‎ Packet Storm Security Exploits
  EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing large amount of bytes to the FtpUploadFile member in FtpUploadFile() function, resulting memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.

  Tags:  office viewer edrawsoft buffer-overflow-vulnerability memory-corruption arbitrary-code  

• 7:55

  EdrawSoft Office Viewer Component ActiveX 5.6 Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing large amount of bytes to the FtpUploadFile member in FtpUploadFile() function, resulting memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.

  Tags:  office viewer edrawsoft buffer-overflow-vulnerability memory-corruption arbitrary-code  

• 7:55

  EdrawSoft Office Viewer Component ActiveX 5.6 Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing large amount of bytes to the FtpUploadFile member in FtpUploadFile() function, resulting memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.

  Tags:  office viewer edrawsoft buffer-overflow-vulnerability memory-corruption arbitrary-code  

• January 25, 2012
• 14:00

  [local exploits] - Microsoft Office 2003 (.doc) Command Exec and local BOF (msf)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Microsoft Office 2003 (.doc) Command Exec and local BOF (msf)

  Tags:  office microsoft doc microsoft-office-2003 bof exploits  

• 13:46

  Microsoft Office 2003 .doc Buffer Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a buffer overflow in Microsoft Office 2003 and command execution with .a malicious doc file .

  Tags:  office microsoft doc microsoft-office-2003 buffer-overflow command-execution  

• 13:46

  Microsoft Office 2003 .doc Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a buffer overflow in Microsoft Office 2003 and command execution with .a malicious doc file .

  Tags:  office microsoft doc microsoft-office-2003 buffer-overflow command-execution  

• 13:46

  Microsoft Office 2003 .doc Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a buffer overflow in Microsoft Office 2003 and command execution with .a malicious doc file .

  Tags:  office microsoft doc microsoft-office-2003 buffer-overflow command-execution  

• 5:01

  Stop light converted to control office foot traffic

   » ‎ Hack a Day
  When [Paul Rea] started work with his current employer, he was intrigued by a traffic light that sat unused near the entrance of the “Engineering Loft” where he was stationed. He promised himself that he would get it working one day, but several years passed before he had the chance to take a closer look [...]

  Tags:  stop traffic office paul-rea foot-traffic traffic-light closer-look arduino hacks  

• January 19, 2012
• 21:32

  [Audio] Understanding Targeted Attacks with Office Documents

   » ‎ SecDocs
  Authors: Bruce Dang
  Tags: Office
  Event: Black Hat Asia 2008
  

  Tags:  office audio understanding bruce-dang asia office-documents black-hat dang  

• 21:32

  [Slides] Understanding Targeted Attacks with Office Documents

   » ‎ SecDocs
  Authors: Bruce Dang
  Tags: Office
  Event: Black Hat Asia 2008
  

  Tags:  office targeted understanding bruce-dang asia office-documents black-hat dang  

• January 12, 2012
• 9:00

  Bugtraq: Office arbitrary ClickOnce application execution vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Office arbitrary ClickOnce application execution vulnerability

  Tags:  office clickonce application application-execution vulnerability  

• January 09, 2012
• 0:00

  Vuln: Microsoft Office RTF File Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office RTF File Stack Buffer Overflow Vulnerability

  Tags:  rtf office microsoft buffer-overflow-vulnerability stack-buffer rtf-file  

• January 08, 2012
• 14:00

  [local exploits] - Microsoft Office 2003 Home/Pro 0day

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Microsoft Office 2003 Home/Pro 0day

  Tags:  office microsoft home microsoft-office-2003 exploits  

• 8:44

  Microsoft Office 2003 Home/Pro Buffer Overflow

   » ‎ Packet Storm Security Exploits
  Microsoft Office 2003 Home/Pro buffer overflow exploit with a magic payload download.

  Tags:  office microsoft home microsoft-office-2003 buffer-overflow payload  

• January 02, 2012
• 19:14

  Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code office microsoft microsoft-office-2007 code-execution safer-use  

• 19:09

  Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft conditional-expression safer-use office-excel  

• December 13, 2011
• 14:00

  Bugtraq: ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability

  Tags:  office microsoft record art-shape microsoft-office-2007 code-execution  

• 14:00

  Bugtraq: ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability

  Tags:  office microsoft word microsoft-office-word code-execution zdi  

• November 25, 2011
• 10:11

  Beer dispenser talks to customers, announces office parties via Twitter

   » ‎ Hack a Day
  Just about the only thing better than beer is free beer. Staff at the Arnold Worldwide ad agency are free to imbibe in the office’s lounge area, but a few employees thought that it would be pretty awesome to have their beer stash offered up by a vending machine. Using a grant that the company [...]

  Tags:  dispenser office beer arnold-worldwide vending-machine beer-dispenser twitter hacks  

• November 22, 2011
• 17:00

  MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a vulnerability found in Excel 2002 of Microsoft Office XP. By supplying a .xls file with a malformed OBJ (recType 0x5D) record an attacker can get the control of the execution flow. This results arbitrary code execution under the context of the user.

  Tags:  excel office microsoft arbitrary-code-execution microsoft-office-xp xls-file  

• 17:00

  MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a vulnerability found in Excel 2002 of Microsoft Office XP. By supplying a .xls file with a malformed OBJ (recType 0x5D) record an attacker can get the control of the execution flow. This results arbitrary code execution under the context of the user.

  Tags:  excel office microsoft arbitrary-code-execution microsoft-office-xp xls-file  

• 14:00

  [local exploits] - MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

  Tags:  excel office microsoft office-excel microsoft-office overflow  

• November 21, 2011
• 14:00

  [local exploits] - MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

  Tags:  excel office microsoft office-excel microsoft-office overflow  

• November 17, 2011
• 9:01

  Simple telepresence hack lets remote user rotate this laptop

   » ‎ Hack a Day
  [Kris] wanted to make the telecommuting employees at his office feel a little more in control of their virtual presence in the office. He gave them a way to look around without needing to go into full-blown robotics. This laptop stand has a Lazy Susan connected to a servo motor to give the user control [...]

  Tags:  user laptop office susan virtual-presence telecommuting-employees laptop-stand arduino hacks  

• November 06, 2011
• 15:54

  MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack-based buffer overflow. This results in arbitrary code execution under the context of the user.

  Tags:  excel office microsoft arbitrary-code-execution based-buffer-overflow microsoft-office-2007  

• 15:54

  MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack-based buffer overflow. This results in arbitrary code execution under the context of the user.

  Tags:  excel office microsoft arbitrary-code-execution based-buffer-overflow microsoft-office-2007  

• 15:54

  MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack-based buffer overflow. This results in arbitrary code execution under the context of the user.

  Tags:  excel office microsoft arbitrary-code-execution based-buffer-overflow microsoft-office-2007  

• November 04, 2011
• 15:00

  [local exploits] - MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow

  Tags:  excel office microsoft buffer-overflow microsoft-office-2007 xlb  

• October 27, 2011
• 13:01

  [Vigo's] stare follows you wherever you go

   » ‎ Hack a Day
  To decorate the office for Halloween [Eric] decided to make [Vigo the Carpathian] stare at passersby. We hope that readers recognize this image, but for those younger hackers who don’t, this painting of [Vigo] played an important part in the classic film Ghostbusters II. In the movie, his eyes appeared to be following anyone looking at [...]

  Tags:  halloween decorate office eric vigo film-ghostbusters ghostbusters-ii classic-film holiday hacks  

• September 17, 2011
• 6:00

  ATtiny Hacks: Simple USB temperature probe

   » ‎ Hack a Day
  [Dan’s] office is awfully hot, but he needed some real temperature numbers that he could show the building management office to justify opening a maintenance ticket. He had seen some simple temperature probe examples online, and decided to build his own using a small AVR chip. Based off a similar temperature monitoring example called EasyLogger, [...]

  Tags:  probe temperature office dan avr-chip temperature-probe temperature-monitoring attiny hacks  

• September 13, 2011
• 0:00

  Vuln: Microsoft Office 'MSO.dll' Uninitialized Pointer (CVE-2011-1982) Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office 'MSO.dll' Uninitialized Pointer (CVE-2011-1982) Remote Code Execution Vulnerability

  Tags:  office mso microsoft uninitialized-pointer code-execution microsoft-office  

• August 04, 2011
• 12:44

  Microsoft Office MSO Size Handling Integer Overflow Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Contains a vulnerability caused by an integer overflow error in the MSO component.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office mso microsoft integer-overflow-vulnerability overflow-error safer-use  

• 4:02

  Air conditioner regulation using a hobby servo

   » ‎ Hack a Day
  For anyone that works in a large office building, odds are you know the pains of dealing with a poorly regulated HVAC system. [Robovergne] and his co-workers recently moved to a new location, and found that the air conditioning control was less than effective, leaving the office as hot as a sauna or as cold [...]

  Tags:  conditioner air office air-conditioner new-location servo arduino hacks  

• July 14, 2011
• 16:59

  Microsoft Office Excel RealTimeData Record Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft code-execution safer-use office-excel  

• July 13, 2011
• 0:00

  Vuln: Office OCX OA.OCX Office Viewer ActiveX Denial of Service Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Office OCX OA.OCX Office Viewer ActiveX Denial of Service Vulnerabilities

  Tags:  office ocx viewer denial-of-service  

• July 11, 2011
• 18:39

  Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Contains a vulnerability caused by a stack overwrite error when parsing the RTD RealTimeData record (0813h).

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft overwrite real-time-data safer-use office-excel  

• July 09, 2011
• 0:00

  Vuln: Apple Mac OS X Quicklook Office File Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Apple Mac OS X Quicklook Office File Memory Corruption Vulnerability

  Tags:  office file quicklook apple-mac-os memory-corruption apple-mac-os-x  

• July 08, 2011
• 6:52

  Avaya IP Office Manager TFTP Server 8.1 Directory Traversal

   » ‎ Packet Storm Security Exploits
  Avaya IP Office Manager TFTP server version 8.1 suffers from a remote directory traversal vulnerability.

  Tags:  server avaya office manager-tftp directory-traversal-vulnerability ip-office  

• 6:52

  Avaya IP Office Manager TFTP Server 8.1 Directory Traversal

   » ‎ Packet Storm Security Recent Files
  Avaya IP Office Manager TFTP server version 8.1 suffers from a remote directory traversal vulnerability.

  Tags:  server avaya office manager-tftp directory-traversal-vulnerability ip-office  

• 6:52

  Avaya IP Office Manager TFTP Server 8.1 Directory Traversal

   » ‎ Packet Storm Security Misc. Files
  Avaya IP Office Manager TFTP server version 8.1 suffers from a remote directory traversal vulnerability.

  Tags:  server avaya office manager-tftp directory-traversal-vulnerability ip-office  

• 0:00

  Vuln: Avaya IP Office Manager TFTP Server Remote Directory Traversal Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Avaya IP Office Manager TFTP Server Remote Directory Traversal Vulnerability

  Tags:  avaya office manager directory-traversal-vulnerability ip-office  

• July 07, 2011
• 21:00

  [remote exploits] - Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability

  Tags:  avaya office manager directory-traversal-vulnerability server-directory  

• July 06, 2011
• 14:24

  Microsoft Office XP Data Validation Record Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code office microsoft microsoft-office-xp data-validation code-execution  

• July 04, 2011
• 0:00

  Vuln: Microsoft Office RTF File Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office RTF File Stack Buffer Overflow Vulnerability

  Tags:  rtf office microsoft buffer-overflow-vulnerability stack-buffer rtf-file  

• June 28, 2011
• 17:39

  Microsoft Office PowerPoint PersistDirectoryEntry Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft powerpoint microsoft-office-powerpoint code-execution safer-use  

• June 25, 2011
• 21:00

  [local exploits] - Microsoft Office Visio VISIODWG.DLL Crafted DXF File Handling Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Microsoft Office Visio VISIODWG.DLL Crafted DXF File Handling Overflow

  Tags:  office microsoft visio microsoft-office overflow  

• June 01, 2011
• 6:10

  Prototyping the new office clock

   » ‎ Hack a Day
  [Damage] was tapped to build a new clock to hang on the wall at the office. He got a hold of some 6.5 inch seven segment displays for the hours and minutes, as well as some 4.5 inch modules for the date and month. Rather than jump right in with the large hardware (especially because [...]

  Tags:  clock inch office seven-segment-displays new-clock hacks  

• April 29, 2011
• 14:18

  Microsoft Office Excel Buffer Overflow

   » ‎ Packet Storm Security Exploits
  Microsoft Office Excel Axis properties record parsing buffer overflow proof of concept exploit that leverages the issue discussed in MS11-021.

  Tags:  excel office microsoft buffer-overflow proof-of-concept office-excel  

• 14:18

  Microsoft Office Excel Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  Microsoft Office Excel Axis properties record parsing buffer overflow proof of concept exploit that leverages the issue discussed in MS11-021.

  Tags:  excel office microsoft buffer-overflow proof-of-concept office-excel  

• 14:18

  Microsoft Office Excel Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  Microsoft Office Excel Axis properties record parsing buffer overflow proof of concept exploit that leverages the issue discussed in MS11-021.

  Tags:  excel office microsoft buffer-overflow proof-of-concept office-excel  

• April 20, 2011
• 19:46

  Microsoft Office Excel Axis Properties Record Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code office microsoft code-execution safer-use office-excel  

• April 14, 2011
• 8:56

  Microsoft Office MSO Size Handling Integer Overflow

   » ‎ Packet Storm Security Advisories
  The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office. The vulnerability is caused by an integer overflow error in the MSO component when parsing certain values within an Office document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a malformed Office file (e.g. Word). Microsoft Office XP Service Pack 3 is affected.

  Tags:  office vulnerability microsoft microsoft-office-xp office-xp-service-pack office-xp-service-pack-3  

• 8:56

  Microsoft Office MSO Size Handling Integer Overflow

   » ‎ Packet Storm Security Recent Files
  The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office. The vulnerability is caused by an integer overflow error in the MSO component when parsing certain values within an Office document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a malformed Office file (e.g. Word). Microsoft Office XP Service Pack 3 is affected.

  Tags:  office vulnerability microsoft microsoft-office-xp office-xp-service-pack office-xp-service-pack-3  

• 8:56

  Microsoft Office MSO Size Handling Integer Overflow

   » ‎ Packet Storm Security Misc. Files
  The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office. The vulnerability is caused by an integer overflow error in the MSO component when parsing certain values within an Office document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a malformed Office file (e.g. Word). Microsoft Office XP Service Pack 3 is affected.

  Tags:  office vulnerability microsoft microsoft-office-xp office-xp-service-pack office-xp-service-pack-3  

• 4:01

  Doorbell hack makes coworkers less annoying

   » ‎ Hack a Day
  Hackaday reader [Sprite_tm] works in an office building that used to house several businesses, and as a remnant of the previous configuration, a doorbell sits in the hallway just outside his office. Several of his coworkers get a kick out of ringing the doorbell each time they enter the office. While not annoyed at the [...]

  Tags:  doorbell hackaday office coworkers digital audio hacks  

• April 12, 2011
• 19:46

  Microsoft Office Excel Office Art Object Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft art-object code-execution safer-use  

• April 08, 2011
• 7:16

  Home Office Claims Success For e-Borders Monitoring System

   » ‎ Packet Storm Security Headlines
  Home Office Claims Success For e-Borders Monitoring System

  Tags:  office claims home borders monitoring-system  

• April 01, 2011
• 14:00

  [webapps / 0day] - Feng Office 1.7.3.3 CSRF Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Feng Office 1.7.3.3 CSRF Vulnerability

  Tags:  office day feng webapps office-1 vulnerability  

• March 31, 2011
• 13:32

  Feng Office 1.7.3.3 Cross Site Request Forgery

   » ‎ Packet Storm Security Exploits
  Feng Office version 1.7.3.3 suffers from a cross site request forgery vulnerability.

  Tags:  office cross feng forgery office-1 vulnerability  

• 13:32

  Feng Office 1.7.3.3 Cross Site Request Forgery

   » ‎ Packet Storm Security Recent Files
  Feng Office version 1.7.3.3 suffers from a cross site request forgery vulnerability.

  Tags:  office cross feng forgery office-1 vulnerability  

• 13:32

  Feng Office 1.7.3.3 Cross Site Request Forgery

   » ‎ Packet Storm Security Misc. Files
  Feng Office version 1.7.3.3 suffers from a cross site request forgery vulnerability.

  Tags:  office cross feng forgery office-1 vulnerability  

• March 24, 2011
• 15:00

  [dos / poc] - Avaya IP Office Manager 8.1 TFTP DOS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - Avaya IP Office Manager 8.1 TFTP DOS

  Tags:  avaya poc office avaya-ip-office  

• 7:57

  Avaya IP Office Manager 8.1 TFTP Denial Of Service

   » ‎ Packet Storm Security Exploits
  Avaya IP Office Manager version 8.1 TFTP denial of service exploit.

  Tags:  avaya office manager service-avaya denial-of-service ip-office  

• 7:57

  Avaya IP Office Manager 8.1 TFTP Denial Of Service

   » ‎ Packet Storm Security Recent Files
  Avaya IP Office Manager version 8.1 TFTP denial of service exploit.

  Tags:  avaya office manager service-avaya denial-of-service ip-office  

• 7:57

  Avaya IP Office Manager 8.1 TFTP Denial Of Service

   » ‎ Packet Storm Security Misc. Files
  Avaya IP Office Manager version 8.1 TFTP denial of service exploit.

  Tags:  avaya office manager service-avaya denial-of-service ip-office  

• March 09, 2011
• 21:00

  Microsoft Office FlashPix Tile Data Two Buffer Overflow Vulnerabilities

   » ‎ SecuriTeam
  Microsoft Office contains two Buffer Overflow vulnerabilities in FlashPix Tile Data.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft flashpix buffer-overflow-vulnerabilities safer-use microsoft-office  

• 21:00

  Microsoft Office FlashPix Property Set Parsing Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Contains a vulnerability caused by a boundary error in the FlashPix graphics filter when parsing certain property sets.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft flashpix buffer-overflow-vulnerability safer-use  

• 21:00

  Microsoft Office TIFF Image Converter Two Buffer Overflow Vulnerabilities

   » ‎ SecuriTeam
  Microsoft Office Contains a Vulnerability in the TIFF Image Converter.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office converter microsoft tiff-image buffer-overflow-vulnerabilities safer-use  

• March 06, 2011
• 17:45

  Microsoft Office Document Imaging Endian Conversion Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Contains a vulnerability caused by missing input validation within a library used by the bundled Microsoft Office Document Imaging application.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft document microsoft-office-document microsoft-office-document-imaging input-validation  

• 17:35

  Microsoft Office TIFF Image Converter Endian Conversion Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Contains a vulnerability caused by an error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT)

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office vulnerability microsoft tiff-image tiff-import graphic-filter safer-use  

• 17:05

  Microsoft Office PICT Filter Integer Truncation Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Contains a vulnerability caused by an integer truncation error in the PICT import filter (PICTIM32.FLT)

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office pict microsoft safer-use import-filter  

• March 04, 2011
• 17:40

  Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Publisher Contains a vulnerability is caused by an array indexing error in "pubconv.dll".

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft publisher safer-use office-publisher microsoft-office  

• 17:40

  Microsoft Office Publisher Record Array Indexing Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Publisher a contains a vulnerability caused by an array indexing error when processing a malformed record within a Publisher document.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft publisher safer-use office-publisher microsoft-office  

• 17:35

  Microsoft Office Publisher Size Value Heap Corruption Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Publisher contains a vulnerability caused by a heap corruption error in "pubconv.dll" while trusting a size value from a Publisher document.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft publisher heap-corruption safer-use office-publisher  

• March 03, 2011
• 16:16

  Microsoft To Fix Four Holes In Windows, Office

   » ‎ Packet Storm Security Headlines
  Microsoft To Fix Four Holes In Windows, Office

  Tags:  microsoft office four-holes windows-office  

• March 02, 2011
• 16:40

  Microsoft Office Publisher Memory Corruption Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Publisher Contains a Memory Corruption Vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft publisher memory-corruption safer-use office-publisher  

• 13:47

  Remote operated security gate lets you phone it in

   » ‎ Hack a Day
  [Itay] has a friend who works in a rented office where the parking lot is secured by a remote-controlled gate. Unfortunately, while his friend shares an office with several people, they only received a single remote. To help his friends out, he built a small device that triggers the remote control whenever a phone call [...]

  Tags:  gate friend office friend-shares security-gate phone-call phone hacks  

• February 26, 2011
• 6:29

  Screen tracking projector

   » ‎ Hack a Day
  [Jon Howell] came up with what he calls a gratuitous project which projects his name on his office door. The thing is, his office door slides on tracks so he made a projector that can follow the movement of that screen. He used a laser printer to make a black and white pattern that indexes the movement [...]

  Tags:  screen office projector jon-howell laser-printer news  

• February 25, 2011
• 14:00

  [remote exploits] - Edraw Office Viewer Component V7.4 ActiveX Stack Buffer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - Edraw Office Viewer Component V7.4 ActiveX Stack Buffer Overflow

  Tags:  edraw office viewer stack-buffer buffer-overflow activex  

• 9:12

  Edraw Office Viewer Component 7.4 Active-X Buffer Overflow

   » ‎ Packet Storm Security Exploits
  Edraw Office Viewer component version 7.4 active-x related stack buffer overflow exploit.

  Tags:  edraw office viewer x-buffer stack-buffer buffer-overflow component-version  

• 9:12

  Edraw Office Viewer Component 7.4 Active-X Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  Edraw Office Viewer component version 7.4 active-x related stack buffer overflow exploit.

  Tags:  edraw office viewer x-buffer stack-buffer buffer-overflow component-version  

• 9:12

  Edraw Office Viewer Component 7.4 Active-X Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  Edraw Office Viewer component version 7.4 active-x related stack buffer overflow exploit.

  Tags:  edraw office viewer x-buffer stack-buffer buffer-overflow component-version  

• February 07, 2011
• 3:04

  Zero Day Initiative Advisory 11-041

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-041 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the application parses an Office Art record within a Microsoft Excel Document. Specifically, when parsing an office art object record, if an error occurs, the application will add a stray reference to an element which is part of a linked list. When receiving a window message, the application will proceed to navigate this linked list. This will access a method from the malformed object which can lead to code execution under the context of the application.

  Tags:  office zero application art excel-user window-message office-art  

• January 26, 2011
• 7:03

  12 foot LED display keeps your office informed

   » ‎ Hack a Day
  Don’t reach for a sticky note when you need to leave a message for your office mates, write it down on a 12 foot LED marquee. [Kitesurfer1404] built this for his home office, but we’re sure he’ll find fun stuff to use it for. The display has 512 LEDs driven by plain old 595 shift [...]

  Tags:  led foot office don office-mates sticky-note leds hacks  

• January 12, 2011
• 13:58

  Microsoft Office PowerPoint Unknown Animation Node Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Powerpoint 2003.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft powerpoint code-execution safer-use arbitrary-code  

• December 30, 2010
• 0:00

  Vuln: Microsoft Office RTF File Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office RTF File Stack Buffer Overflow Vulnerability

  Tags:  rtf office microsoft buffer-overflow-vulnerability stack-buffer rtf-file  

• December 21, 2010
• 10:46

  Microsoft Office Excel Ghost Record Type Parsing Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Excel contains Vulnerability caused by an input validation error when processing certain elements in a Ghost record.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft validation-error input-validation safer-use  

• 9:44

  Microsoft Office FlashPix Property Set Parsing Buffer Overflow

   » ‎ Packet Storm Security Advisories
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the FlashPix graphics filter when parsing certain property sets. This can be exploited to cause a stack-based buffer overflow via a specially crafted FlashPix image. Successful exploitation allows execution of arbitrary code.

  Tags:  office microsoft flashpix based-buffer-overflow s-system  

• 9:44

  Microsoft Office FlashPix Property Set Parsing Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the FlashPix graphics filter when parsing certain property sets. This can be exploited to cause a stack-based buffer overflow via a specially crafted FlashPix image. Successful exploitation allows execution of arbitrary code.

  Tags:  office microsoft flashpix based-buffer-overflow s-system  

• 9:44

  Microsoft Office FlashPix Property Set Parsing Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the FlashPix graphics filter when parsing certain property sets. This can be exploited to cause a stack-based buffer overflow via a specially crafted FlashPix image. Successful exploitation allows execution of arbitrary code.

  Tags:  office microsoft flashpix based-buffer-overflow s-system  

• 0:00

  Vuln: Microsoft Office FlashPix Image Converter (CVE-2010-3951) Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office FlashPix Image Converter (CVE-2010-3951) Buffer Overflow Vulnerability

  Tags:  office microsoft flashpix buffer-overflow-vulnerability image-converter  

• 0:00

  Vuln: Microsoft Office FlashPix Image Converter (CVE-2010-3952) Multiple Buffer Overflow Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office FlashPix Image Converter (CVE-2010-3952) Multiple Buffer Overflow Vulnerabilities

  Tags:  office microsoft flashpix multiple-buffer-overflow buffer-overflow-vulnerabilities  

• 0:00

  Vuln: Microsoft Office PICT Image Converter (CVE-2010-3946) Integer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office PICT Image Converter (CVE-2010-3946) Integer Overflow Vulnerability

  Tags:  office pict microsoft integer-overflow-vulnerability image-converter  

• December 20, 2010
• 13:34

  Microsoft Office TIFF Image Converter Two Buffer Overflows

   » ‎ Packet Storm Security Advisories
  Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

  Tags:  office microsoft image tiff-image tiff tiff-import microsoft-photo-editor based-buffer-overflow  

• 13:34

  Microsoft Office TIFF Image Converter Two Buffer Overflows

   » ‎ Packet Storm Security Recent Files
  Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

  Tags:  office microsoft image tiff-image tiff tiff-import microsoft-photo-editor based-buffer-overflow  

• 13:34

  Microsoft Office TIFF Image Converter Two Buffer Overflows

   » ‎ Packet Storm Security Misc. Files
  Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

  Tags:  office microsoft image tiff-image tiff tiff-import microsoft-photo-editor based-buffer-overflow  

• 13:33

  Microsoft Office Document Imaging Endian Conversion

   » ‎ Packet Storm Security Recent Files
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by missing input validation within a library used by the bundled Microsoft Office Document Imaging application when converting certain data during parsing of TIFF images. This can be exploited to corrupt memory via a TIFF image containing specially crafted IFD entries. Successful exploitation may allow execution of arbitrary code.

  Tags:  office microsoft document tiff microsoft-office-document microsoft-office-document-imaging tiff-images  

• 13:33

  Microsoft Office Document Imaging Endian Conversion

   » ‎ Packet Storm Security Misc. Files
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by missing input validation within a library used by the bundled Microsoft Office Document Imaging application when converting certain data during parsing of TIFF images. This can be exploited to corrupt memory via a TIFF image containing specially crafted IFD entries. Successful exploitation may allow execution of arbitrary code.

  Tags:  office microsoft document tiff microsoft-office-document microsoft-office-document-imaging tiff-images  

• 13:18

  Microsoft Office TIFF Image Converter Endian Conversion

   » ‎ Packet Storm Security Advisories
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when converting the endianess of certain data. This can be exploited to corrupt memory via e.g. a specially crafted TIFF image. Successful exploitation may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

  Tags:  office microsoft image tiff-image tiff tiff-import microsoft-photo-editor graphic-filter  

• 13:18

  Microsoft Office TIFF Image Converter Endian Conversion

   » ‎ Packet Storm Security Recent Files
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when converting the endianess of certain data. This can be exploited to corrupt memory via e.g. a specially crafted TIFF image. Successful exploitation may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

  Tags:  office microsoft image tiff-image tiff tiff-import microsoft-photo-editor graphic-filter  

• 13:18

  Microsoft Office TIFF Image Converter Endian Conversion

   » ‎ Packet Storm Security Misc. Files
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when converting the endianess of certain data. This can be exploited to corrupt memory via e.g. a specially crafted TIFF image. Successful exploitation may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

  Tags:  office microsoft image tiff-image tiff tiff-import microsoft-photo-editor graphic-filter  

• 13:14

  Microsoft Office PICT Filter Integer Truncation

   » ‎ Packet Storm Security Advisories
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer truncation error in the PICT import filter (PICTIM32.FLT). This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into importing a specially crafted PICT file. Successful exploitation may allow execution of arbitrary code.

  Tags:  office pict microsoft based-buffer-overflow import-filter s-system  

• 13:14

  Microsoft Office PICT Filter Integer Truncation

   » ‎ Packet Storm Security Recent Files
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer truncation error in the PICT import filter (PICTIM32.FLT). This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into importing a specially crafted PICT file. Successful exploitation may allow execution of arbitrary code.

  Tags:  office pict microsoft based-buffer-overflow import-filter s-system  

• 13:14

  Microsoft Office PICT Filter Integer Truncation

   » ‎ Packet Storm Security Misc. Files
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer truncation error in the PICT import filter (PICTIM32.FLT). This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into importing a specially crafted PICT file. Successful exploitation may allow execution of arbitrary code.

  Tags:  office pict microsoft based-buffer-overflow import-filter s-system  

• 0:00

  Vuln: Microsoft Office TIFF Image Converter (CVE-2010-3947) Heap Based Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office TIFF Image Converter (CVE-2010-3947) Heap Based Buffer Overflow Vulnerability

  Tags:  office converter microsoft tiff-image buffer-overflow-vulnerability based-buffer-overflow  

• 0:00

  Vuln: Microsoft Office TIFF Image Converter (CVE-2010-3950) Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office TIFF Image Converter (CVE-2010-3950) Memory Corruption Vulnerability

  Tags:  office converter microsoft tiff-image memory-corruption image-converter  

• 0:00

  Vuln: Microsoft Office TIFF Image Converter (CVE-2010-3949) Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office TIFF Image Converter (CVE-2010-3949) Buffer Overflow Vulnerability

  Tags:  office converter microsoft tiff-image buffer-overflow-vulnerability image-converter  

• 0:00

  Vuln: Microsoft Office PICT Image Converter (CVE-2010-3946) Integer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office PICT Image Converter (CVE-2010-3946) Integer Overflow Vulnerability

  Tags:  office pict microsoft integer-overflow-vulnerability image-converter  

• December 15, 2010
• 0:00

  Vuln: Microsoft Office Drawing Exception Handling Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office Drawing Exception Handling Remote Code Execution Vulnerability

  Tags:  office microsoft exception code-execution microsoft-office vulnerability  

• 0:00

  Vuln: Microsoft Office Art Drawing Record Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office Art Drawing Record Remote Code Execution Vulnerability

  Tags:  office microsoft record art-drawing code-execution office-art microsoft-office  

• 0:00

  Vuln: Microsoft Office Large SPID Read AV Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office Large SPID Read AV Remote Code Execution Vulnerability

  Tags:  office microsoft spid read-av code-execution microsoft-office vulnerability  

• 0:00

  Vuln: Microsoft Office RTF File Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office RTF File Stack Buffer Overflow Vulnerability

  Tags:  rtf office microsoft buffer-overflow-vulnerability stack-buffer rtf-file  

• December 14, 2010
• 22:12

  Microsoft Office Excel Out-of-Bounds Memory Write Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Excel contains a vulnerability caused by a memory corruption error when processing certain structures in an Excel file.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office excel microsoft memory-corruption safer-use office-excel  

• 21:57

  Microsoft Office HtmlDlgHelper class memory corruption vulnerability

   » ‎ SecuriTeam
  Microsoft Windows is prone to a memory corruption vulnerability when instantiating the HtmlDlgHelper Class Object in a Microsoft Office Document (ie: .XLS, .DOC).

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft htmldlghelper microsoft-office-document memory-corruption class-memory  

• 10:42

  Microsoft Office Word Document Array Indexing Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Word contains a critical vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word microsoft-office-word critical-vulnerability safer-use  

• 10:37

  Microsoft Office Word Document Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  A critical vulnerability was discovered in Microsoft Office Word.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word buffer-overflow-vulnerability microsoft-office-word critical-vulnerability  

• 10:37

  Microsoft Office Word Return Value Handling Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Word contains a critical vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word microsoft-office-word critical-vulnerability safer-use  

• 10:37

  Microsoft Office Word Document Stack Overflow Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Word contains a critical vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word microsoft-office-word overflow-vulnerability stack-overflow  

• December 09, 2010
• 19:03

  Microsoft Office Excel Negative Future Function Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Excel contains a memory corruption vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft memory-corruption safer-use office-excel  

• 18:58

  Microsoft Office Excel Merge Cell Record Invalid Pointer Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Excel contains an invalid pointer vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft invalid-pointer safer-use microsoft-office  

• 18:58

  Microsoft Office Excel Extra PtgExtraArray Parsing Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Excel contains a memory corruption vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft memory-corruption safer-use office-excel  

• 18:58

  Microsoft Office Word Uninitialized Pointer Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Word contains a critical vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word microsoft-office-word critical-vulnerability safer-use  

• 18:53

  Microsoft Office Excel RealTimeData Array Indexing Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Excel contains an array indexing vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft safer-use office-excel microsoft-office  

• December 07, 2010
• 12:03

  Microsoft Office Excel Formula Record Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Word contains a Buffer Overflow Vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office buffer microsoft buffer-overflow-vulnerability microsoft-office-word excel-formula  

• 12:03

  Microsoft Office Word Short Sign Memory Corruption Vulnerability

   » ‎ SecuriTeam
  A memory corruption vulnerability was discovered in Microsoft Office Word.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word microsoft-office-word memory-corruption safer-use  

• 12:03

  Microsoft Office Word LVL Structure Heap Overflow Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Word contains a Overflow Vulnerability in LVL Structure Heap.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word microsoft-office-word overflow-vulnerability safer-use  

• 11:58

  Microsoft Office Excel Record Array Indexing Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Excel contains an array indexing vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft safer-use office-excel microsoft-office  

• 11:58

  Microsoft Office Excel Formula Record Dangling Pointer Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Excel contains a Dangling Pointer Vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft dangling-pointer excel-formula safer-use  

• November 30, 2010
• 11:29

  Microsoft Office Word Document Invalid Pointer Vulnerability

   » ‎ SecuriTeam
  A critical vulnerability was discovered in Microsoft Office Word.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word microsoft-office-word critical-vulnerability invalid-pointer  

• 11:24

  Microsoft Office Word Bookmarks Invalid Pointer Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Word contains Word Bookmarks Invalid Pointer Vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word microsoft-office-word invalid-pointer word-bookmarks  

• November 29, 2010
• 11:14

  Microsoft Office Word BKF Objects Array Indexing Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Word contains a critical vulnerability in Word BKF Objects Array Indexing.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word microsoft-office-word critical-vulnerability safer-use  

• 11:09

  Microsoft Office Word Document Heap Overflow Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Word Document contains a Heap Overflow Vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft word microsoft-office-word overflow-vulnerability safer-use  

• November 24, 2010
• 0:00

  Vuln: Microsoft Office Art Drawing Record Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office Art Drawing Record Remote Code Execution Vulnerability

  Tags:  office microsoft record art-drawing code-execution office-art microsoft-office  

• November 18, 2010
• 0:00

  Vuln: Microsoft Office RTF File Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office RTF File Stack Buffer Overflow Vulnerability

  Tags:  rtf office microsoft buffer-overflow-vulnerability stack-buffer rtf-file  

• November 10, 2010
• 0:00

  Vuln: Microsoft Office RTF File Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office RTF File Stack Buffer Overflow Vulnerability

  Tags:  rtf office microsoft buffer-overflow-vulnerability stack-buffer rtf-file  

• 0:00

  Microsoft Patches Office Security Vulnerabilities

   » ‎ Packet Storm Security Headlines
  Microsoft Patches Office Security Vulnerabilities

  Tags:  office microsoft patches microsoft-patches security-vulnerabilities office-security  

• November 09, 2010
• 22:02

  secunia-msodsc.txt

   » ‎ Packet Storm Security Recent Files
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by insufficient validation when parsing an Office Art Drawing record, which contains msofbtSp records that specify certain flags. This can be exploited to corrupt memory via a specially crafted Office file. Successful exploitation allows execution of arbitrary code.

  Tags:  txt office vulnerability art-drawing office-art s-system  

• 22:02

  ZDI-10-246.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-246 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees resources when parsing a malformed Office Art record. Due to the application not properly freeing up resources during handling a parsing error, the application will later access the freed reference which can lead to code execution under the context of the application.

  Tags:  office vulnerability application art microsoft-office-user office-art zero-day  

• 22:01

  secunia-msodsc.txt

   » ‎ Packet Storm Security Advisories
  Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by insufficient validation when parsing an Office Art Drawing record, which contains msofbtSp records that specify certain flags. This can be exploited to corrupt memory via a specially crafted Office file. Successful exploitation allows execution of arbitrary code.

  Tags:  txt office vulnerability art-drawing office-art s-system  

• 22:01

  ZDI-10-246.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-246 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees resources when parsing a malformed Office Art record. Due to the application not properly freeing up resources during handling a parsing error, the application will later access the freed reference which can lead to code execution under the context of the application.

  Tags:  office vulnerability application art microsoft-office-user office-art zero-day  

• 21:33

  Microsoft Patches Office Security Vulnerabilities

   » ‎ Packet Storm Security Headlines
  Microsoft Patches Office Security Vulnerabilities

  Tags:  office microsoft patches microsoft-patches security-vulnerabilities office-security  

• 0:00

  Vuln: Microsoft Office Art Drawing Record Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office Art Drawing Record Remote Code Execution Vulnerability

  Tags:  office microsoft record art-drawing code-execution office-art microsoft-office  

• 0:00

  Vuln: Microsoft Office Drawing Exception Handling Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office Drawing Exception Handling Remote Code Execution Vulnerability

  Tags:  office microsoft exception code-execution microsoft-office vulnerability  

• October 19, 2010
• 0:00

  Operation Payback Takes Down UK IP Office

   » ‎ Packet Storm Security Headlines
  Operation Payback Takes Down UK IP Office

  Tags:  office operation payback operation-payback ip-office  

• October 14, 2010
• 13:01

  Bugtraq: CORE-2010-0517 - Microsoft Office HtmlDlgHelper class memory corruption

   » ‎ SecurityFocus Vulnerabilities
  CORE-2010-0517 - Microsoft Office HtmlDlgHelper class memory corruption

  Tags:  office microsoft htmldlghelper memory-corruption class-memory microsoft-office  

• October 11, 2010
• 19:16

  Microsoft Office Excel PivotTable Cache Data Record Buffer Overflow vulnerability

   » ‎ SecuriTeam
  A stack based buffer overflow vulnerability in Microsoft Excel 2002 (Office XP) can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted spreadsheet files with the .XLS extension.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft buffer-overflow-vulnerability microsoft-excel-2002 based-buffer-overflow  

• October 03, 2010
• 23:54

  Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability

   » ‎ SecuriTeam
  A memory corruption vulnerability was identified in Microsoft Office's RTF Parsing Engine.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  rtf office microsoft memory-corruption safer-use microsoft-office  

• October 01, 2010
• 14:00

  [local exploits] - Windows 7 Microsoft Office Groove Shortcut 2007 DLL Hijacking Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Windows 7 Microsoft Office Groove Shortcut 2007 DLL Hijacking Exploit

  Tags:  office microsoft windows hijacking microsoft-office exploits  

• September 23, 2010
• 0:00

  Vuln: Microsoft Windows and Office Uniscribe Font Parsing Engine Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Windows and Office Uniscribe Font Parsing Engine Remote Code Execution Vulnerability

  Tags:  office microsoft windows code-execution microsoft-windows vulnerability  

• September 12, 2010
• 20:01

  epressone-dllhijack.txt

   » ‎ Packet Storm Security Recent Files
  E-Press ONE Office Suite suffers from an insecure DLL hijacking vulnerability.

  Tags:  txt office e-press hijacking vulnerability dll  

• 20:00

  kingsoft-dllhijack.txt

   » ‎ Packet Storm Security Recent Files
  KingSoft Office 2010 Suite suffers from an insecure DLL hijacking vulnerability.

  Tags:  txt office kingsoft hijacking vulnerability dll  

• 20:00

  celframe-dllhijack.txt

   » ‎ Packet Storm Security Recent Files
  CelFrame Office Suite suffers from an insecure DLL hijacking vulnerability.

  Tags:  celframe txt office hijacking vulnerability dll  

• 20:00

  epressone-dllhijack.txt

   » ‎ Packet Storm Security Advisories
  E-Press ONE Office Suite suffers from an insecure DLL hijacking vulnerability.

  Tags:  txt office e-press hijacking vulnerability dll  

• 20:00

  kingsoft-dllhijack.txt

   » ‎ Packet Storm Security Advisories
  KingSoft Office 2010 Suite suffers from an insecure DLL hijacking vulnerability.

  Tags:  txt office kingsoft hijacking vulnerability dll  

• 20:00

  celframe-dllhijack.txt

   » ‎ Packet Storm Security Advisories
  CelFrame Office Suite suffers from an insecure DLL hijacking vulnerability.

  Tags:  celframe txt office hijacking vulnerability dll  

• 8:31

  Group Office 3.5.9 SQL Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Group Office 3.5.9 SQL Injection Vulnerability

  Tags:  group office sql group-office vulnerability  

• September 11, 2010
• 14:00

  [webapps / 0day] - Group Office 3.5.9 SQL Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Group Office 3.5.9 SQL Injection Vulnerability

  Tags:  group office day group-office webapps vulnerability  

• 12:50

  Microsoft Office Word 2007 sprmCMajority Buffer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Microsoft Office Word 2007 sprmCMajority Buffer Overflow

  Tags:  office microsoft word microsoft-office-word buffer-overflow  

• September 10, 2010
• 14:00

  [dos / poc] - Microsoft Office Word 2007 sprmCMajority Buffer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - Microsoft Office Word 2007 sprmCMajority Buffer Overflow

  Tags:  poc office microsoft microsoft-office-word buffer-overflow  

• September 08, 2010
• 21:02

  OIG_10-111_Aug10.pdf

   » ‎ Packet Storm Security Misc. Files
  Office of Inspector General report OIG-10-1111 - DHS Needs to Improve the Security Posture of Its Cybersecurity Program Systems.

  Tags:  aug office pdf inspector-general security-posture office-of-inspector-general dhs  

• 21:01

  OIG_10-111_Aug10.pdf

   » ‎ Packet Storm Security Recent Files
  Office of Inspector General report OIG-10-1111 - DHS Needs to Improve the Security Posture of Its Cybersecurity Program Systems.

  Tags:  aug office pdf inspector-general security-posture office-of-inspector-general dhs  

• 9:38

  Microsoft Office Visio DXF File Stack based Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Microsoft Office Visio DXF File Stack based Overflow

  Tags:  office microsoft visio microsoft-office overflow stack  

• September 07, 2010
• 14:00

  [remote exploits] - Microsoft Office Visio DXF File Stack based Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - Microsoft Office Visio DXF File Stack based Overflow

  Tags:  office microsoft visio microsoft-office overflow exploits  

• September 06, 2010
• 12:02

  Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires user interaction in that a victim must open a malicious PUB file.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office vulnerability microsoft buffer-overflow-vulnerability file-conversion safer-use  

• August 31, 2010
• 7:42

  Feng Office Persistent XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Feng Office Persistent XSS Vulnerability

  Tags:  office persistent feng vulnerability  

• August 29, 2010
• 11:33

  Microsoft Office Property Code Execution exploit (CVE-2006-2389)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Microsoft Office Property Code Execution exploit (CVE-2006-2389)

  Tags:  office property microsoft code-execution cve microsoft-office  

• August 25, 2010
• 12:41

  Microsoft Office Groove 2007 DLL Hijacking Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Microsoft Office Groove 2007 DLL Hijacking Exploit

  Tags:  office groove microsoft microsoft-office dll  

• 3:22

  Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)

  Tags:  office microsoft dll hijacking microsoft-office  

• August 12, 2010
• 7:00

  Bugtraq: ZDI-10-151: Microsoft Office Word 2007 plcffldMom Parsing Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-10-151: Microsoft Office Word 2007 plcffldMom Parsing Remote Code Execution Vulnerability

  Tags:  office microsoft word microsoft-office-word code-execution zdi  

• August 11, 2010
• 9:00

  Bugtraq: Microsoft Office Word HTML Linked Objects Memory Corruption Vulnerability - CVE-2010-1903

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office Word HTML Linked Objects Memory Corruption Vulnerability - CVE-2010-1903

  Tags:  office microsoft word microsoft-office-word memory-corruption word-html  

• August 10, 2010
• 14:00

  Bugtraq: CORE-2010-0407: Microsoft Office Excel PivotTable Cache Data Record Buffer Overflow

   » ‎ SecurityFocus Vulnerabilities
  CORE-2010-0407: Microsoft Office Excel PivotTable Cache Data Record Buffer Overflow

  Tags:  excel office microsoft buffer-overflow pivottable cache-data  

• August 04, 2010
• 13:57

  Microsoft Office Access AccWizObjects ActiveX Control Uninitialized Imports Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code office microsoft code-execution safer-use arbitrary-code  

• July 17, 2010
• 0:34

  groupoffice-sql.txt

   » ‎ Packet Storm Security Recent Files
  Group Office suffers from a remote SQL injection vulnerability.

  Tags:  group txt office group-office sql-injection vulnerability  

• 0:34

  groupoffice-exec.txt

   » ‎ Packet Storm Security Recent Files
  Group Office version 3.5.9 suffers from a remote command execution vulnerability.

  Tags:  group txt office command-execution group-office vulnerability  

• 0:34

  groupoffice-sql.txt

   » ‎ Packet Storm Security Exploits
  Group Office suffers from a remote SQL injection vulnerability.

  Tags:  group txt office group-office sql-injection vulnerability  

• 0:34

  groupoffice-exec.txt

   » ‎ Packet Storm Security Exploits
  Group Office version 3.5.9 suffers from a remote command execution vulnerability.

  Tags:  group txt office command-execution group-office vulnerability  

• July 16, 2010
• 1:00

  Group Office (comment_id) SQL Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Group Office (comment_id) SQL Injection Vulnerability

  Tags:  group office sql group-office vulnerability  

• 1:00

  Group Office Remote Command Execution Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Group Office Remote Command Execution Vulnerability

  Tags:  group office remote command-execution group-office vulnerability  

• July 13, 2010
• 18:38

  Microsoft Office Access ActiveX Controls Code Execution Vulnerabilities

   » ‎ SecuriTeam
  Vulnerabilities were discovered in Microsoft Office Access ActiveX Controls that could Allow Remote Code Execution

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office access microsoft could-allow-remote-code-execution safer-use microsoft-office  

• 18:36

  Microsoft Office Outlook Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Vulnerabilities were discovered in Microsoft Office Outlook that could lead to Remote Code Execution.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft outlook code-execution safer-use microsoft-office  

• 18:36

  Microsoft Office Outlook Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Vulnerabilities were discovered in Microsoft Office Outlook that could lead to Remote Code Execution.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft outlook code-execution safer-use microsoft-office  

• 15:11

  Bugtraq: ZDI-10-117: Microsoft Office Access AccWizObjects ActiveX Control Uninitialized Imports Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-10-117: Microsoft Office Access AccWizObjects ActiveX Control Uninitialized Imports Remote Code Execution Vulnerability

  Tags:  office access microsoft code-execution zdi bugtraq  

• July 12, 2010
• 1:00

  Corel WordPerfect Office X5 15.0.0.357 (wpd) Buffer Overflow PoC

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Corel WordPerfect Office X5 15.0.0.357 (wpd) Buffer Overflow PoC

  Tags:  wordperfect office corel buffer-overflow wordperfect-office  

• July 05, 2010
• 2:58

  Microsoft Office Excel OBJ Stack Overflow Vulnerability

   » ‎ SecuriTeam
  A critical vulnerability was discovered affecting Microsoft Office Excel.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft overflow-vulnerability stack-overflow critical-vulnerability  

• 0:31

  Microsoft Office Excel RTD Heap Corruption Vulnerability

   » ‎ SecuriTeam
  A critical vulnerability was discovered affecting Microsoft Office Excel.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft heap-corruption critical-vulnerability safer-use  

• 0:31

  Microsoft Office Excel SxView Memory Corruption Vulnerability

   » ‎ SecuriTeam
  A critical Vulnerability was disvoered affecting Microsoft Office Excel.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft critical-vulnerability memory-corruption safer-use  

• July 01, 2010
• 21:04

  [Video] Methods for Understanding Targeted Attacks with Office Documents

   » ‎ SecDocs
  Authors: Bruce Dang
  Tags: malware malware analysis Office
  Event: Black Hat USA 2008
  

  Tags:  malware video office bruce-dang usa office-documents black-hat dang  

• 21:04

  [Audio] Methods for Understanding Targeted Attacks with Office Documents

   » ‎ SecDocs
  Authors: Bruce Dang
  Tags: malware malware analysis Office
  Event: Black Hat USA 2008
  

  Tags:  malware office audio bruce-dang usa office-documents black-hat dang  

• 16:59

  Microsoft Office Visio DXF File Insertion Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Visio is vulnerable to a buffer overflow vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft visio buffer-overflow-vulnerability safer-use microsoft-office  

• 16:53

  Microsoft Office Visio DXF File Insertion Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Visio is vulnerable to a buffer overflow vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft visio buffer-overflow-vulnerability safer-use microsoft-office  

• 13:57

  Microsoft Office Visio DXF File Insertion Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Visio is vulnerable to a buffer overflow vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft visio buffer-overflow-vulnerability safer-use microsoft-office  

• June 30, 2010
• 17:17

  Microsoft Office Visio DXF File Insertion Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  Microsoft Office Visio is vulnerable to a buffer overflow vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  office microsoft visio buffer-overflow-vulnerability safer-use microsoft-office  

• June 28, 2010
• 23:02

  koffice-overflow.rar

   » ‎ Packet Storm Security Recent Files
  Kingsoft Office 2010 Writer version 6.6.0.2462 .doc file buffer overflow proof of concept exploit.

  Tags:  office rar kingsoft buffer-overflow proof-of-concept version-6  

• 23:01

  koffice-overflow.rar

   » ‎ Packet Storm Security Exploits
  Kingsoft Office 2010 Writer version 6.6.0.2462 .doc file buffer overflow proof of concept exploit.

  Tags:  office rar kingsoft buffer-overflow proof-of-concept version-6  

• June 17, 2010
• 21:05

  [Paper] How to operationally detect and break misuse of weak stream ciphers (and even block ciphers sometimes) - Application to the Office Encryption Cryptanalysis

   » ‎ SecDocs
  Authors: Eric Filiol
  Tags: cryptography
  Event: Black Hat EU 2010
  Abstract: Despite the evergrowing use of block ciphers, stream ciphers are still widely used: satellite communications (military, diplomatic...), civilian telecommunications, software... If their intrinsic security can be considered as strong, the main drwaback lies in the high risk of key misuse wich introduces severe weaknesses, even for unconditionnally secure ciphers like the Vernam system. Such misuses are still very frequent, more than we could expect. In this talk we explain how to detect such misuses, to identify ciphertexts that are relevant to this misuse (among a huge amount of ciphertexts) and finally how to recover the underlying plaintext within minutes. This may also apply to (intendly or not) badly implemented block ciphers. To illustrate this technique, this talk will also deal with the technical cryptanalysis of encryption used in Office up to the 2003 version (RC4 based). We will focus on Word and Excel applications. The cryptanalysis has been successfully and we manage to recover more than 90% of the encrypted texts in a few seconds. The attack is based both on a pure mathematical effort AND a few basic forensic approach. In a more general cases (e.g. satellite communications), we just need to intercept ciphertexts. In the Office case, we will explain in our sense that the attack does not rely on particular weakness but in a setting that can be seriously considered and described as a possible intended trap. We will develop this concept to explain how in a more general way such trap can be built.

  Tags:  office stream misuse eric-filiol stream-ciphers forensic-approach office-case  

• June 11, 2010
• 1:00

  Office 2 iPhone XLS Denial of Service

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Office 2 iPhone XLS Denial of Service

  Tags:  office iphone xls denial-of-service  

• June 08, 2010
• 13:00

  Bugtraq: ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability

  Tags:  excel office microsoft code-execution office-excel zdi  

• 0:00

  Vuln: Microsoft Office COM Object Validation Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office COM Object Validation Remote Code Execution Vulnerability

  Tags:  office com microsoft code-execution microsoft-office vulnerability  

• June 07, 2010
• 19:00

  dsa-2055-1.txt

   » ‎ Packet Storm Security Advisories
  Debian Linux Security Advisory 2055-1 - It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft(R) Office, is not properly handling python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in certain use cases of the python macro viewer component.

  Tags:  dsa python office office-productivity-suite linux-security debian-linux  

• May 20, 2010
• 21:31

  Microsoft Office Excel Record Processing Code Execution Vulnerability

   » ‎ SecuriTeam
  A critical vulnerability was discovered affecting Microsoft Office Excel.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft critical-vulnerability code-execution safer-use  

• 21:29

  Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability

   » ‎ SecuriTeam
  A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft memory-corruption safer-use xls-file  

• 21:21

  Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  excel office microsoft code-execution safer-use office-excel  

• May 07, 2010
• 9:00

  zolsoft-xsrf.txt

   » ‎ Packet Storm Security Recent Files
  Zolsoft Office Server Free Edition version 2010.0502 suffers from a cross site request forgery vulnerability.

  Tags:  txt office zolsoft office-server forgery vulnerability  

• 9:00

  zolsoft-xsrf.txt

   » ‎ Packet Storm Security Exploits
  Zolsoft Office Server Free Edition version 2010.0502 suffers from a cross site request forgery vulnerability.

  Tags:  txt office zolsoft office-server forgery vulnerability  

• May 04, 2010
• 13:00

  Bugtraq: [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow

   » ‎ SecurityFocus Vulnerabilities
  [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow

  Tags:  office microsoft visio buffer-overflow microsoft-office insertion  

• April 30, 2010
• 0:00

  Vuln: BigAnt Office Messenger 'AntCore.dll' ActiveX Control Multiple Heap Buffer Overflow Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  BigAnt Office Messenger 'AntCore.dll' ActiveX Control Multiple Heap Buffer Overflow Vulnerabilities

  Tags:  messenger office bigant buffer-overflow-vulnerabilities activex-control heap  

• April 26, 2010
• 10:00

  Biosphere lighting

   » ‎ Hack a Day
  Sometimes, sitting in a windowless office can drive you crazy. Adding a little bit of life and color can really help. [Gripen40k] did this by building a biosphere. He didn’t have any windows though, so he made an LED light on a PIC based timer. What is interesting is what he did with a thermistor. [...]

  Tags:  biosphere lighting office windowless-office thermistor timer home hacks  

• April 06, 2010
• 1:00

  Microsoft Office ( 2010 beta ) Communicator SIP DoS Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Microsoft Office ( 2010 beta ) Communicator SIP DoS Exploit

  Tags:  office beta microsoft microsoft-office sip  

• 0:00

  Vuln: Microsoft Office Communicator SIP Remote Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office Communicator SIP Remote Denial of Service Vulnerability

  Tags:  office microsoft communicator service-vulnerability denial-of-service microsoft-office-communicator  

• March 24, 2010
• 0:00

  Foreign Office Changes Tourist Advice After Israeli Inquiry

   » ‎ Packet Storm Security Headlines
  Foreign Office Changes Tourist Advice After Israeli Inquiry

  Tags:  office tourist foreign tourist-advice office-changes foreign-office  

• March 09, 2010
• 12:00

  Bugtraq: ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability

  Tags:  excel office microsoft code-execution office-excel zdi  

• March 05, 2010
• 0:00

  Vuln: Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability

  Tags:  control office ultra buffer-overflow-vulnerability  

• March 03, 2010
• 0:00

  Vuln: Microsoft Office Web Components ActiveX Control Stack Buffer Overflow Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Office Web Components ActiveX Control Stack Buffer Overflow Code Execution Vulnerability

  Tags:  office microsoft web office-web-components microsoft-office-web-components overflow-code  

• February 09, 2010
• 17:00

  CORE-2009-0827.txt

   » ‎ Packet Storm Security Advisories
  Core Security Technologies Advisory - A vulnerability exists in MSO.DLL affecting Excel 9 (Office 2000) and Excel 10 (Office XP) in the code responsible for parsing OfficeArtSpgr (recType 0xF003) containers that allows an attacker to cause a class pointer to be interpreted incorrectly, leading to code execution in the context of the currently logged on user.

  Tags:  core office excel security-technologies office-2000 office-xp  

• 17:00

  Bugtraq: ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability

  Tags:  office microsoft powerpoint microsoft-office-powerpoint code-execution powerpoint-viewer  

• 17:00

  Bugtraq: TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability

  Tags:  office microsoft powerpoint microsoft-office-powerpoint tpti code-execution  

• 14:00

  Bugtraq: CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability

  Tags:  excel microsoft office office-excel overwrite microsoft-office  

• February 04, 2010
• 8:52

  exploiting beyond the LAN

   » ‎ remote-exploit & backtrack
  Hi Fellaz,
  
  I've successfully exploited various win xp machines on my lan in lab environment using SET and aurora exploit but that is locally, how can these exploitz be used against other side of router on MY remote office pcs (ie.) want to try and pentest outside the local lan, will the exploit meterpreter session come back to me on my LHOST 192.168.0.8 address even if not on the same lan. if not how can it be acheived?
  
  Pentest office : attack machine ip 192.168.0.8 public ip 96.xx.xx.xx
  Remote office different lan: victim ip 192.168.1.9 public ip 92.xx.xx.xx
  MY OWN btw victim machine both owned my myself.
  
  both ip addresses differ 92.xx.xx.xx and 96.xx.xx.xx so how to metasploit past my remote router into the lan side.
  
  As stated I own both networks but not Pwnd yet.
  Googled and not found a thing apart from changing LHOST to public ip but thats just the router isnt it?
  
  Kind Regardz DEE

  Tags:  lan router office my-own lhost public-ip victim-machine BackTrack General Support  

• January 29, 2010
• 0:00

  Home Office Presses Ahead With Web Interception

   » ‎ Packet Storm Security Headlines
  Home Office Presses Ahead With Web Interception

  Tags:  office presses home