CVE-2008-0104
published 2008-02-12CVE-2008-0104: Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka…
PriorityP353critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
28.95%
97.9th percentile
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Fortinet
iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server
blogs_fortinet·2017-03-23·CVSS 8.1
CVE-2017-0104 [HIGH] iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server
FORTIGUARD LABS THREAT RESEARCH
iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server
By Honggang Ren | March 23, 2017
Summary
In November 2016, as part of my FortiGuard research work, I discovered and reported on an iSNS server memory corruption vulnerability in Microsoft Windows Server. On patch Tuesday of March 2017, Microsoft released the Security Bulletin MS17-012 that contain the fix for this vulnerability and identifies it as CVE-2017-0104.
This vulnerability could lead to remote code execution, and is rated as critical by Microsoft. The vulnerability affects Windows Server 2008, 2012, and 2016 versions. Microsoft recommends installing this update immediately.
In this blog I will share the details of this vulnerability.
How to Reproduce
To reproduce the vulne
Bugzilla
CVE-2008-0416 Mozilla arbitrary code execution
bugzilla·2008-02-06·CVSS 4.3
CVE-2008-0416 [MEDIUM] CVE-2008-0416 Mozilla arbitrary code execution
CVE-2008-0416 Mozilla arbitrary code execution
CVE-2008-0416 describes cross site scripting (XSS) bugs in the Mozilla
products. It is possible that these flaws could be used by malicious web
content to steal information or trick a user into disclosing private data.
Discussion:
Keep this embargoed until upstream makes it public.
---
Lifting embargo, this issue is public:
http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0104.html
http://rhn.redhat.com/errata/RHSA-2008-0103.html
http://marc.info/?l=bugtraq&m=120361015026386&w=2http://secunia.com/advisories/28906http://www.securityfocus.com/bid/27740http://www.securitytracker.com/id?1019377http://www.us-cert.gov/cas/techalerts/TA08-043C.htmlhttp://www.vupen.com/english/advisories/2008/0514/referenceshttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4547http://marc.info/?l=bugtraq&m=120361015026386&w=2http://secunia.com/advisories/28906http://www.securityfocus.com/bid/27740http://www.securitytracker.com/id?1019377http://www.us-cert.gov/cas/techalerts/TA08-043C.htmlhttp://www.vupen.com/english/advisories/2008/0514/referenceshttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4547
2008-02-12
Published