Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
office web components vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1201
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote malicious users to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerabilit...
Microsoft Biztalk Server 2000
Microsoft Biztalk Server 2002
Microsoft Office 2000
Microsoft Office Xp
Microsoft Visual Studio .net 2002
Microsoft Visual Studio .net 2003
Microsoft Commerce Server 2000
Microsoft Internet Security And Acceleration Server 2000
NA
CVE-2006-4695
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote malicious users to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
Microsoft Office Web Components 2000
NA
CVE-2005-2127
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Exp...
Microsoft Office 2000
Microsoft Office Xp
Microsoft Project 98
Microsoft Visio 2002
Microsoft Visio 2003
Microsoft Visual Studio .net 2002
Microsoft Visual Studio .net Gold
Microsoft .net Framework 1.1
Microsoft Project 2002
Microsoft Project 2003
Microsoft Office
Microsoft Visio 2000
Ati Catalyst Driver
Microsoft Project 2000
Microsoft Visual Studio .net 2003
1 EDB exploit
1 Github repository
NA
CVE-2005-0360
The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote malicious users to create or append to arbitrary files.
Microsoft Log Sink Class Activex Control
NA
CVE-2002-1339
The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote malicious users to determine the existence of local files based on exceptions, or to read WorkSheet XML files.
Microsoft Office Web Components 2002
NA
CVE-2002-1340
The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote malicious users to determine the existence of local files by detecting an exception.
Microsoft Office Web Components 2002
NA
CVE-2002-1338
The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote malicious users to determine the existence of local files.
Microsoft Office Web Components 2002
NA
CVE-2002-0727
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote malicious users to execute arbitrary commands via the setTimeout method.
Microsoft Project 2002
Microsoft Office Web Components 2000
Microsoft Office Web Components 2002
NA
CVE-2002-0860
The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote malicious users to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
Microsoft Project 2000
Microsoft Project 2002
Microsoft Office Web Components 2000
Microsoft Office Web Components 2002
NA
CVE-2002-0861
Microsoft Office Web Components (OWC) 2000 and 2002 allows remote malicious users to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
Microsoft Office Web Components 2002
Microsoft Project 2000
Microsoft Office Web Components 2000
Microsoft Project 2002
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »