All the vulnerabilites related to Microsoft Corporation - Microsoft Office
cve-2017-0265
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038448 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0265 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98285 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038448",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038448"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0265"
},
{
"name": "98285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft PowerPoint for Mac 2011"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038448",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038448"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0265"
},
{
"name": "98285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft PowerPoint for Mac 2011"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038448",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038448"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0265",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0265"
},
{
"name": "98285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0265",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8511
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98815 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:22.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps Server 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016 for Mac, Microsoft PowerPoint for Mac 2011, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, and Microsoft SharePoint Enterprise Server 2016."
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "98815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps Server 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016 for Mac, Microsoft PowerPoint for Mac 2011, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, and Microsoft SharePoint Enterprise Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98815"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8511",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:22.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8663
Vulnerability from cvelistv5
Published
2017-08-01 20:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability"
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039011 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100004 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663"
},
{
"name": "1039011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039011"
},
{
"name": "100004",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016."
}
]
}
],
"datePublic": "2017-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka \"Microsoft Office Outlook Memory Corruption Vulnerability\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663"
},
{
"name": "1039011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039011"
},
{
"name": "100004",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "20170727T00:00:00",
"ID": "CVE-2017-8663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka \"Microsoft Office Outlook Memory Corruption Vulnerability\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663"
},
{
"name": "1039011",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039011"
},
{
"name": "100004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8663",
"datePublished": "2017-08-01T20:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-16T17:03:09.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0797
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 18:17
Severity ?
EPSS score ?
Summary
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102406 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102406"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102406"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102406"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0797",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T18:17:56.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11934
Vulnerability from cvelistv5
Published
2017-12-12 21:00
Modified
2024-09-17 01:45
Severity ?
EPSS score ?
Summary
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039998 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11934 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102064 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:15.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039998",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039998"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11934"
},
{
"name": "102064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039998",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039998"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11934"
},
{
"name": "102064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102064"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-11934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka \"Microsoft Office Information Disclosure Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039998",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039998"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11934",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11934"
},
{
"name": "102064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102064"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11934",
"datePublished": "2017-12-12T21:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-17T01:45:53.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0795
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102356 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102356",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102356"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102356",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102356"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102356"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0795",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T19:09:03.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8632
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100734 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"name": "100734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100734"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"name": "100734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100734"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"name": "100734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100734"
},
{
"name": "1039315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8632",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T04:20:07.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8571
Vulnerability from cvelistv5
Published
2017-08-01 20:00
Modified
2024-09-17 01:27
Severity ?
EPSS score ?
Summary
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99452 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8571 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039012 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99452",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99452"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8571"
},
{
"name": "1039012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016."
}
]
}
],
"datePublic": "2017-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka \"Microsoft Office Outlook Security Feature Bypass Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "99452",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99452"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8571"
},
{
"name": "1039012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "20170727T00:00:00",
"ID": "CVE-2017-8571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka \"Microsoft Office Outlook Security Feature Bypass Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99452"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8571",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8571"
},
{
"name": "1039012",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8571",
"datePublished": "2017-08-01T20:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T01:27:01.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0852
Vulnerability from cvelistv5
Published
2018-02-15 02:00
Modified
2024-09-17 02:07
Severity ?
EPSS score ?
Summary
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102871 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040368 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:10.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102871"
},
{
"name": "1040368",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R)."
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0851."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Critical",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102871"
},
{
"name": "1040368",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R)."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0851."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Critical"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102871"
},
{
"name": "1040368",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040368"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0852",
"datePublished": "2018-02-15T02:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T02:07:08.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0255
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98107 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft SharePoint Foundation 2013 SP1"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka \"Microsoft SharePoint XSS Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "98107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft SharePoint Foundation 2013 SP1"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka \"Microsoft SharePoint XSS Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98107"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0255",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8509
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98812 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016"
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98812"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98812"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8509",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:23.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8744
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 00:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100748 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:20.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"name": "100748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"name": "100748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744"
},
{
"name": "1039315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039315"
},
{
"name": "100748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8744",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T00:11:02.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8631
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-16 23:32
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/100751 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "100751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100751"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631"
},
{
"name": "1039315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8631",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-16T23:32:04.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11878
Vulnerability from cvelistv5
Published
2017-11-15 03:00
Modified
2024-09-17 04:05
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039783 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101756 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878"
},
{
"name": "101756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Excel Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878"
},
{
"name": "101756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Excel Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878"
},
{
"name": "101756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11878",
"datePublished": "2017-11-15T03:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-17T04:05:13.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11826
Vulnerability from cvelistv5
Published
2017-10-13 13:00
Modified
2024-09-16 16:32
Severity ?
EPSS score ?
Summary
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826 | x_refsource_CONFIRM | |
| https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/101219 | vdb-entry, x_refsource_BID | |
| https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/ | x_refsource_MISC | |
| http://www.securitytracker.com/id/1039541 | vdb-entry, x_refsource_SECTRACK | |
| https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/ | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html"
},
{
"name": "101219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/"
},
{
"name": "1039541",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039541"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server."
}
]
}
],
"datePublic": "2017-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-11T23:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html"
},
{
"name": "101219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/"
},
{
"name": "1039541",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039541"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826"
},
{
"name": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html"
},
{
"name": "101219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101219"
},
{
"name": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/",
"refsource": "MISC",
"url": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/"
},
{
"name": "1039541",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039541"
},
{
"name": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/",
"refsource": "MISC",
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11826",
"datePublished": "2017-10-13T13:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-16T16:32:32.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8743
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 04:10
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/100746 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039323 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:21.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100746"
},
{
"name": "1039323",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039323"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka \"PowerPoint Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8742."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "100746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100746"
},
{
"name": "1039323",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039323"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka \"PowerPoint Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8742."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100746"
},
{
"name": "1039323",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039323"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8743",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T04:10:26.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11884
Vulnerability from cvelistv5
Published
2017-11-15 03:00
Modified
2024-09-17 01:25
Severity ?
EPSS score ?
Summary
Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039783 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11884 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101766 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11884"
},
{
"name": "101766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel 2016 Click-to-Run (C2R)"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11882."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11884"
},
{
"name": "101766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel 2016 Click-to-Run (C2R)"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11882."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11884",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11884"
},
{
"name": "101766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11884",
"datePublished": "2017-11-15T03:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-17T01:25:49.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8630
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 04:09
Severity ?
EPSS score ?
Summary
Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100732 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630"
},
{
"name": "100732",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100732"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2016"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630"
},
{
"name": "100732",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100732"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630"
},
{
"name": "100732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100732"
},
{
"name": "1039315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8630",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T04:09:51.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0262
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98279 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0262 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "98279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98279"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0262",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0262",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8507
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98827 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038666 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507"
},
{
"name": "98827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98827"
},
{
"name": "1038666",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007 Service Pack 3, Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016."
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507"
},
{
"name": "98827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98827"
},
{
"name": "1038666",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038666"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007 Service Pack 3, Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka \"Microsoft Office Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507"
},
{
"name": "98827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98827"
},
{
"name": "1038666",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038666"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8507",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8742
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 01:31
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039323 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100741 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:21.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039323",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039323"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742"
},
{
"name": "100741",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka \"PowerPoint Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8743."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039323",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039323"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742"
},
{
"name": "100741",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka \"PowerPoint Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8743."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039323",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039323"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742"
},
{
"name": "100741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8742",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T01:31:58.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11882
Vulnerability from cvelistv5
Published
2017-11-15 03:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedi/CVE-2017-11882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/unamer/CVE-2017-11882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rxwx/CVE-2017-11882"
},
{
"name": "101757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/"
},
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "VU#421280",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/421280"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/0x09AL/CVE-2017-11882-metasploit"
},
{
"name": "43163",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43163/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11884."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T22:10:03",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedi/CVE-2017-11882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unamer/CVE-2017-11882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rxwx/CVE-2017-11882"
},
{
"name": "101757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/"
},
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "VU#421280",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/421280"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/0x09AL/CVE-2017-11882-metasploit"
},
{
"name": "43163",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43163/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11884."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedi/CVE-2017-11882",
"refsource": "MISC",
"url": "https://github.com/embedi/CVE-2017-11882"
},
{
"name": "https://github.com/unamer/CVE-2017-11882",
"refsource": "MISC",
"url": "https://github.com/unamer/CVE-2017-11882"
},
{
"name": "http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882",
"refsource": "MISC",
"url": "http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882"
},
{
"name": "https://github.com/rxwx/CVE-2017-11882",
"refsource": "MISC",
"url": "https://github.com/rxwx/CVE-2017-11882"
},
{
"name": "101757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101757"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882"
},
{
"name": "https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/",
"refsource": "MISC",
"url": "https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/"
},
{
"name": "1039783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "VU#421280",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/421280"
},
{
"name": "https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html"
},
{
"name": "https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html"
},
{
"name": "https://github.com/0x09AL/CVE-2017-11882-metasploit",
"refsource": "MISC",
"url": "https://github.com/0x09AL/CVE-2017-11882-metasploit"
},
{
"name": "43163",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43163/"
},
{
"name": "https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11882",
"datePublished": "2017-11-15T03:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-16T17:03:49.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0851
Vulnerability from cvelistv5
Published
2018-02-15 02:00
Modified
2024-09-16 22:51
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102870 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0851 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040381 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:10.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102870",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0851"
},
{
"name": "1040381",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R)."
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0852."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Important",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102870",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0851"
},
{
"name": "1040381",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040381"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R)."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0852."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Important"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102870"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0851",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0851"
},
{
"name": "1040381",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040381"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0851",
"datePublished": "2018-02-15T02:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T22:51:16.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11877
Vulnerability from cvelistv5
Published
2017-11-15 03:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039783 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101747 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"
},
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "101747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka \"Microsoft Excel Security Feature Bypass Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"
},
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "101747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka \"Microsoft Excel Security Feature Bypass Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"
},
{
"name": "1039783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "101747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11877",
"datePublished": "2017-11-15T03:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-16T23:30:46.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8512
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98816 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038668 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:22.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98816"
},
{
"name": "1038668",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038668"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services."
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "98816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98816"
},
{
"name": "1038668",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038668"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98816"
},
{
"name": "1038668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038668"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8512",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:22.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8508
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98828 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:22.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98828",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98828"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007 Service Pack 3, Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016."
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka \"Microsoft Office Security Feature Bypass Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "98828",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98828"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007 Service Pack 3, Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka \"Microsoft Office Security Feature Bypass Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98828"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8508",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:22.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11854
Vulnerability from cvelistv5
Published
2017-11-15 03:00
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039795 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101746 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039795"
},
{
"name": "101746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101746"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Word Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039795"
},
{
"name": "101746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101746"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Word Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039795",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039795"
},
{
"name": "101746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101746"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11854",
"datePublished": "2017-11-15T03:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-16T17:33:33.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0260
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038668 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98810 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038668",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038668"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260"
},
{
"name": "98810",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2013 Service Pack 1 Click-to-Run (C2R), Microsoft Office 2016 Click-to-Run (C2R), Windows 7, Windows Server 2008 and Windows Server 2008 R2."
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038668",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038668"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260"
},
{
"name": "98810",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98810"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2013 Service Pack 1 Click-to-Run (C2R), Microsoft Office 2016 Click-to-Run (C2R), Windows 7, Windows Server 2008 and Windows Server 2008 R2."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038668"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260"
},
{
"name": "98810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98810"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0260",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8567
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 02:37
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution".
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100719 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"name": "100719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel for Mac 2011"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"name": "100719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel for Mac 2011"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567"
},
{
"name": "1039315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039315"
},
{
"name": "100719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8567",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T02:37:14.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8745
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/100753 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:21.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100753",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100753"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft SharePoint Foundation 2013 Service Pack 1"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Cross Site Scripting Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "100753",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100753"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft SharePoint Foundation 2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Cross Site Scripting Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100753"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8745",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T00:16:20.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0919
Vulnerability from cvelistv5
Published
2018-03-14 17:00
Modified
2024-09-17 00:41
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040526 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103311 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:11.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919"
},
{
"name": "103311",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016"
}
]
}
],
"datePublic": "2018-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919"
},
{
"name": "103311",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-0919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka \"Microsoft Office Information Disclosure Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040526",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040526"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919"
},
{
"name": "103311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0919",
"datePublished": "2018-03-14T17:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T00:41:29.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0264
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0264 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98282 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0264"
},
{
"name": "98282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft PowerPoint for Mac 2011"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0264"
},
{
"name": "98282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft PowerPoint for Mac 2011"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0264",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0264"
},
{
"name": "98282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0264",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0261
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98104 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038444 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261"
},
{
"name": "98104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98104"
},
{
"name": "1038444",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261"
},
{
"name": "98104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98104"
},
{
"name": "1038444",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261"
},
{
"name": "98104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98104"
},
{
"name": "1038444",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0261",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11939
Vulnerability from cvelistv5
Published
2017-12-12 21:00
Modified
2024-09-17 00:20
Severity ?
EPSS score ?
Summary
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039994 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102105 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:15.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039994",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039994"
},
{
"name": "102105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2016 Click-to-Run (C2R)"
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039994",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039994"
},
{
"name": "102105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-11939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2016 Click-to-Run (C2R)"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka \"Microsoft Office Information Disclosure Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039994",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039994"
},
{
"name": "102105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102105"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11939",
"datePublished": "2017-12-12T21:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-17T00:20:35.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0853
Vulnerability from cvelistv5
Published
2018-02-15 02:00
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102868 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0853 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040381 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:10.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102868"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0853"
},
{
"name": "1040381",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R)."
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Important",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102868"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0853"
},
{
"name": "1040381",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040381"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R)."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka \"Microsoft Office Information Disclosure Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Important"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102868"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0853",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0853"
},
{
"name": "1040381",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040381"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0853",
"datePublished": "2018-02-15T02:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T01:56:42.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8510
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98813 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038668 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8510 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:22.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98813",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98813"
},
{
"name": "1038668",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038668"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1,and Microsoft Office 2016 (64-bit edition)."
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "98813",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98813"
},
{
"name": "1038668",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038668"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8510"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1,and Microsoft Office 2016 (64-bit edition)."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98813"
},
{
"name": "1038668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038668"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8510",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8510"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8510",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:22.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0281
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98297 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:55.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281"
},
{
"name": "98297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016."
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281"
},
{
"name": "98297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281"
},
{
"name": "98297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0281",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T13:03:55.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0254
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98101 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038443 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
},
{
"name": "98101",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98101"
},
{
"name": "1038443",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016."
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
},
{
"name": "98101",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98101"
},
{
"name": "1038443",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
},
{
"name": "98101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98101"
},
{
"name": "1038443",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0254",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8725
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 02:51
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/100758 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039322 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100758"
},
{
"name": "1039322",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039322"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka \"Microsoft Office Publisher Remote Code Execution\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "100758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100758"
},
{
"name": "1039322",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039322"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka \"Microsoft Office Publisher Remote Code Execution\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100758"
},
{
"name": "1039322",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039322"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8725",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T02:51:37.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0841
Vulnerability from cvelistv5
Published
2018-02-15 02:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability"
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040367 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102957 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0841 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:10.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040367",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040367"
},
{
"name": "102957",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102957"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0841"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2016 Click-to-Run"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka \"Office Remote Code Execution Vulnerability\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Important",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040367",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040367"
},
{
"name": "102957",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102957"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0841"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2016 Click-to-Run"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka \"Office Remote Code Execution Vulnerability\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Important"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040367",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040367"
},
{
"name": "102957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102957"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0841",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0841"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0841",
"datePublished": "2018-02-15T02:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T20:27:07.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8572
Vulnerability from cvelistv5
Published
2017-08-01 20:00
Modified
2024-09-17 03:17
Severity ?
EPSS score ?
Summary
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039010 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/99453 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039010"
},
{
"name": "99453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016."
}
]
}
],
"datePublic": "2017-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka \"Microsoft Office Outlook Information Disclosure Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039010"
},
{
"name": "99453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "20170727T00:00:00",
"ID": "CVE-2017-8572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka \"Microsoft Office Outlook Information Disclosure Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039010"
},
{
"name": "99453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99453"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8572",
"datePublished": "2017-08-01T20:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T03:17:51.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0922
Vulnerability from cvelistv5
Published
2018-03-14 17:00
Modified
2024-09-16 22:15
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/103314 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040511 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:11.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103314",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103314"
},
{
"name": "1040511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040511"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016"
}
]
}
],
"datePublic": "2018-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "103314",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103314"
},
{
"name": "1040511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040511"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103314"
},
{
"name": "1040511",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040511"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0922",
"datePublished": "2018-03-14T17:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T22:15:01.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8506
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8506 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98811 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038666 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:23.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8506"
},
{
"name": "98811",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98811"
},
{
"name": "1038666",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016."
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8506"
},
{
"name": "98811",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98811"
},
{
"name": "1038666",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038666"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8506",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8506"
},
{
"name": "98811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98811"
},
{
"name": "1038666",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038666"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8506",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:34:23.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8654
Vulnerability from cvelistv5
Published
2017-08-08 21:00
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039111 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100064 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8654 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039111",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039111"
},
{
"name": "100064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft SharePoint Server 2010 Service Pack 2"
}
]
}
],
"datePublic": "2017-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-09T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039111",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039111"
},
{
"name": "100064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-8654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft SharePoint Server 2010 Service Pack 2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039111",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039111"
},
{
"name": "100064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100064"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8654",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8654",
"datePublished": "2017-08-08T21:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-16T18:03:12.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11935
Vulnerability from cvelistv5
Published
2017-12-12 21:00
Modified
2024-09-16 18:44
Severity ?
EPSS score ?
Summary
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039989 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102067 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039989",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039989"
},
{
"name": "102067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102067"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2016 Click-to-Run (C2R)"
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039989",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039989"
},
{
"name": "102067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102067"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-11935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2016 Click-to-Run (C2R)"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039989",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039989"
},
{
"name": "102067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102067"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11935",
"datePublished": "2017-12-12T21:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-16T18:44:52.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2008-000070
Vulnerability from jvndb
Published
2008-10-22 17:49
Modified
2008-10-22 17:49
Summary
Internet Explorer vulnerable in handling CDO protocol
Details
Internet Explorer is vulnerable in handling CDO (Collaboration Data Objects) protocol, which allows the download dialog box to be bypassed.
When Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field.
This could cause a download dialog box not to be displayed prior to downloading. The CDO protocol handler is included in an Office component, and Microsoft provides the fix for this component.
NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the Microsoft Corporation under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000070.html",
"dc:date": "2008-10-22T17:49+09:00",
"dcterms:issued": "2008-10-22T17:49+09:00",
"dcterms:modified": "2008-10-22T17:49+09:00",
"description": "Internet Explorer is vulnerable in handling CDO (Collaboration Data Objects) protocol, which allows the download dialog box to be bypassed.\r\n\r\nWhen Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field.\r\nThis could cause a download dialog box not to be displayed prior to downloading. The CDO protocol handler is included in an Office component, and Microsoft provides the fix for this component.\r\n\r\nNetAgent Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the Microsoft Corporation under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000070.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:office",
"@product": "Microsoft Office",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000070",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN55410403/index.html",
"@id": "JVN#55410403",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-288A/",
"@id": "TRTA08-288A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4020",
"@id": "CVE-2008-4020",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4020",
"@id": "CVE-2008-4020",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA08-288A.html",
"@id": "SA08-288A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html",
"@id": "TA08-288A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/32138/",
"@id": "SA32138",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/31693",
"@id": "31693",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/2807",
"@id": "FrSIRT/ADV-2008-2807",
"@source": "FRSIRT"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html",
"@id": "JVNDB-2008-000070",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Internet Explorer vulnerable in handling CDO protocol"
}
jvndb-2009-000039
Vulnerability from jvndb
Published
2009-06-18 17:54
Modified
2009-06-18 17:54
Summary
Buffer overflow vulnerability in Microsoft Works converters
Details
Microsoft Works converters contain a buffer overflow vulnerability.
Microsoft Works converters contain a buffer overflow vulnerability when processing Works (.wps) files.
The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for June 2009.
For more information, refer to Microsoft's website.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000039.html",
"dc:date": "2009-06-18T17:54+09:00",
"dcterms:issued": "2009-06-18T17:54+09:00",
"dcterms:modified": "2009-06-18T17:54+09:00",
"description": "Microsoft Works converters contain a buffer overflow vulnerability.\r\n\r\nMicrosoft Works converters contain a buffer overflow vulnerability when processing Works (.wps) files.\r\n\r\nThe security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for June 2009. \r\nFor more information, refer to Microsoft\u0027s website.\r\n\r\nYuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000039.html",
"sec:cpe": [
{
"#text": "cpe:/a:microsoft:office",
"@product": "Microsoft Office",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:microsoft:works",
"@product": "Microsoft Works",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000039",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN70858401/index.html",
"@id": "JVN#70858401",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2009-14/index.html",
"@id": "JVNTR-2009-14",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1533",
"@id": "CVE-2009-1533",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1533",
"@id": "CVE-2009-1533",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200906_msworks_en.html",
"@id": "Security Alert for Vulnerability in Microsoft Works Converter",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA09-160A.html",
"@id": "SA09-160A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html",
"@id": "TA09-160A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/35371/",
"@id": "SA35371",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/35184",
"@id": "35184",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/1543",
"@id": "VUPEN/ADV-2009-1543",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Buffer overflow vulnerability in Microsoft Works converters"
}
jvndb-2015-000112
Vulnerability from jvndb
Published
2015-08-12 15:13
Modified
2015-08-12 15:13
Summary
Microsoft Office discloses a file path of a local file
Details
When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in "alternative text".
Yosuke HASEGAWA of SecureSky Technology Inc. and Miyuki Chikara of MARUS JAPAN Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN20459920/index.html | |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft Corporation | Microsoft Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000112.html",
"dc:date": "2015-08-12T15:13+09:00",
"dcterms:issued": "2015-08-12T15:13+09:00",
"dcterms:modified": "2015-08-12T15:13+09:00",
"description": "When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in \"alternative text\".\r\n\r\nYosuke HASEGAWA of SecureSky Technology Inc. and Miyuki Chikara of MARUS JAPAN Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000112.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:office",
"@product": "Microsoft Office",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000112",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN20459920/index.html",
"@id": "JVN#20459920",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Microsoft Office discloses a file path of a local file"
}