MS Office 2007 and 2010 - OLE Arbitrary Command Execution
http://www.exploit-db.com/exploits/35216/
Microsoft Word Record Parsing Buffer Overflow
http://packetstormsecurity.com/files/92937/Microsoft-Word-Record-Parsing-Buffer-Overflow.html
SAP Player 0.9 Buffer Overflow
http://packetstormsecurity.com/files/92937/Microsoft-Word-Record-Parsing-Buffer-Overflow.html
Microsoft Office 2008 SP0 RTF Pfragments exploit for the Mac.
http://packetstormsecurity.com/files/111961/Office-2008-SP0-RTF-Pfragments-MAC-Exploit.html
Digital Music Pad version 8.2.3.4.8 SEH overflow exploit.
http://packetstormsecurity.com/files/97146/Digital-Music-Pad-8.2.3.4.8-SEH-Overflow.html
Quick Player version 1.3 unicode SEH exploit.
http://packetstormsecurity.com/files/94356/Quick-Player-1.3-Unicode-SEH-Exploit.html
This Metasploit module exploits a buffer overflow in Digital Music Pad version 8.2.3.3.4. When opening a malicious pls file with the Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code.
http://packetstormsecurity.com/files/94303/Digital-Music-Pad-8.2.3.3.4-SEH-Overflow.html
DJ Studio Pro version 8.1.3.2.1 SEH overwrite exploit.
http://packetstormsecurity.com/files/93983/DJ-Studio-Pro-8.1.3.2.1-SEH-Overwrite.html
Audiotran version 1.4.2.4 SEH overflow exploit that creates a malicious .pls file.
http://packetstormsecurity.com/files/93705/Audiotran-1.4.2.4-SEH-Overflow.html
Virtual DJ Trial version 6.1.2 SEH buffer overflow crash proof of concept exploit.
http://packetstormsecurity.com/files/93502/Virtual-DJ-Trial-6.1.2-Buffer-Overflow.html
Microsoft Office memory corruption code execution exploit that demonstrates a malformed property vulnerability.
http://packetstormsecurity.com/files/93302/Microsoft-Office-Property-Code-Execution.html
Microsoft Excel Featheader buffer overflow exploit that leverages the vulnerability noted in MS09-067.
http://packetstormsecurity.com/files/92977/Microsoft-Excel-Featheader-Buffer-Overflow.html
Mediacoder version 0.7.5.4710 buffer overflow exploit that binds a shell to port 5555.
http://packetstormsecurity.com/files/92457/Mediamonkey-3.2.1.1297-Denial-Of-Service.html
Video Workstation Version 5.3.9.4 dll hijacking (iacenc.dll, ir50_lcs.dll)!!
http://1337day.com/exploits/14314
iworkstation Version 9.3.2.1.4 dll hijacking exploit
http://1337day.com/exploits/14286