Microsoft and Adobe Flash patches vs corresponding document and web exploits (non PDF, CVE numbered)

Again, thanks to Malware Tracker keeping exploit timeline for Microsoft products (MS Office, HTML help, Windows thumbnail), these are the patches you need to have installed for protection or should not  *not* have if you want successful sandbox testing of these exploits.



Some of these like Flash were also used as Web exploits. The table below includes only exploits used in documents.



There are too many Flash exploits to list with the links, however, the two lists below allow very easy correlation

List of Flash Player Vulnerabilities with CVE and Flash version numbers

Old versions of Flash Player for download

Release	CVE ID	Description	Exploit			Patch
2011-04-11	CVE-2011-0611   DOC, XLS	Safe with Adobe Flash v. 10.2.159.1 DOWNLOAD ADOBE FLASH PLAYER 10.2.159.1 - IE and  ADOBE FLASH PLAYER 10.2.159.1 - non-IE                                                                Adobe Flash embedded in Microsoft Word or Excel. -----------------------------------------------	Adobe Flash  zeroday. See the Adobe advisory for more information.			2011-04-15  Flash 10.2.159.1
2011-03-14	CVE-2011-0609 DOC, XLS	Safe with Adobe Flash v. 10.2.153.1 DOWNLOAD  ADOBE FLASH PLAYER 10.2.153.1 - IE and ADOBE FLASH PLAYER 10.2.153.1 - non-IE             Adobe Flash embedded in Microsoft Excel (also affects PDF). Used in RSA compromise. -----------------------------------------------	Adobe Flash   zeroday, 1-byte fuzzing. See the Adobe advisory for more information.			2011-03-21  Flash 10.2.152.33
2010-11-09	CVE-2010-3333 DOC (RTF)	Safe with the following patches (click on the one you need to download) Security Update for Microsoft Office XP (KB2289169) Security Update for Microsoft Office 2003 (KB2289187) Security Update for Microsoft Office 2007 System (KB2289158) Security Update for Microsoft Office 2010 (KB2289161), 32-Bit Edition Security Update for Microsoft Office 2010 (KB2289161), 64-Bit Edition MS Office Word/RTF exploit remote code execution.  -----------------------------------------------	Microsoft Office/Word RTF exploit Advisory 2423930			2010-11-09 MS10-087
2011-01-04	CVE-2010-3970 DOC	Safe with Windows patch KB2483185  see other OS on Windows Update site Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2  Windows Vista Service Pack 1 and Windows Vista Service Pack 2  Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2  Thumbnail exploit in Windows - Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor. ----------------------------------------------- Safe with the following patches	Microsoft Windows thumbnail Advisory 2490606			2011-02-08 MS11-006
2009-11-10	CVE-2009-3129 XLS	Microsoft Office Excel 2002 Service Pack 3 (KB973471) Microsoft Office Excel 2003 Service Pack 3 (KB973475) Microsoft Office Excel 2007 Service Pack 1 and Microsoft Office Excel 2007 Service Pack 2* (KB973593) Microsoft Excel FEATHEADER Record Memory Corruption. ---------------------------------------------	Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution              Advisory 972652			2009-11-10 MS09-067
2009-06-09	CVE-2009-0557 XLS	Safe with the following patches  Microsoft Office Excel 2000 Service Pack  (KB969683)  Microsoft Office Excel 2002 Service Pack 3 (KB969680)  Microsoft Office Excel 2003 Service Pack 3 (KB969681) icrosoft Office Excel 2007 Service Pack 1* (KB969682) Microsoft Office Excel 2007 Service Pack 2* (KB969682) Microsoft Excel remote exploit. ---------------------------------------------				malformed record object Advisory 969462			2009-06-09 MS09-021
2009-04-02	CVE-2009-0556 PPT	Safe with the following patches Microsoft Office PowerPoint 2000 Service Pack 3 (KB957790) Microsoft Office PowerPoint 2002 Service Pack 3 (KB957781) Microsoft Office PowerPoint 2003 Service Pack 3 (KB957784) Microsoft Office PowerPoint 2007 Service Pack  (KB957789)  Microsoft Office PowerPoint 2007 Service Pack 2 (KB957789) Microsoft Powerpoint remote exploit. --------------------------------------------- Safe with the following patches	Microsoft Powerpoint Boundary Condition Error Advisory 969136			2009-05-12 MS09-017
2008-12-09	CVE-2008-4841 DOC	Microsoft Windows 2000 Service Pack 4 (KB923561) Windows XP Service Pack 2 and Windows XP Service Pack 3 (KB923561) Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (KB923561) Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack (KB923561) WordPad / Microsoft Word malformed list structure. -------------------------------------------- Safe with the following patches	malformed list Advisory 960906			2009-04-14 MS09-010
2008-08-12	CVE-2008-3005 XLS	Excel 2000 Service Pack 3 (KB951582) Excel 2002 Service Pack 3 (KB951551) Excel 2003 Service Pack 2 (KB951548) Excel 2003 Service Pack 3 (KB951548) Excel 2007 (KB951546) Excel 2007 Service Pack 1(KB951546) Array index vulnerability in Microsoft Office Excel.  ------------------------------------------- Safe with the following patches	array index Advisory 954066			2008-08-12 MS08-043
2008-01-15	CVE-2008-0081  XLS	Excel 2000 Service Pack 3(KB946979) Excel 2002 Service Pack 3 (KB946976) Excel 2003 Service Pack 2 (KB943985) Excel 2007 (KB946974) Microsoft Excel Macro Validation Vulnerability.  --------------------------------------------- Safe with the following patches	Input Validation Error Advisory 947563			2008-03-08 MS08-014
2007-02-13	CVE-2006-6456 DOC	Microsoft Word 2000 SP3- Download the update (KB929139)  Microsoft Word XP 2002 SP2- Download the update (KB929061)  Word 2003 SP2 - Download the update (KB929057)  Word Viewer 2003 - Download the update (KB924883)  Microsoft Word specially crafted data structure.  -------------------------------------------------	Microsoft Word Advisory 929434			2007-02-13 MS07-014
2006-07-11	CVE-2006-2389 Office documents	Safe with the following patches  Office 2003 SP1 SP2 - Download the update (KB917151) Office XP SP3 - Download the update (KB917150) Office 2000 SP3 - Download the update (KB917152) Microsoft Office document parsing vulnerability.  ------------------------------------------------- Safe with the following patches	>Microsoft Office Advisory 917284			2006-07-11 MS06-038
2005-05-10	CVE-2006-2492 DOC	Word 2000 SP3— Download the update (KB917345) Word 2002 SP3— Download the update (KB917335) Word 2003 SP1 or SP2 — Download the update (KB917334) Word Viewer ofc SP1 or Sp2 2003 - Download the update (KB917346) Microsoft Word Malformed (SmartTag) Object Pointer vulnerability.  -----------------------------------------------	malformed object pointer Advisory 919637			2005-06-13 MS06-027
1997	Design Flaw	Microsoft Compiled HTML Help can contain and run executables.	.CHM files run from local zone