Vulnerabilites related to microsoft - excel_for_mac
Vulnerability from fkie_nvd
Published
2016-02-10 11:59
Modified
2024-11-21 02:41
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C3E93E7B-E61E-4755-8AE8-C333E6144655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services en SharePoint Server 2007 SP3, Excel Services en SharePoint Server 2010 SP2, Excel Services en SharePoint Server 2013 SP1 y Office Web Apps 2010 SP2 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0054",
"lastModified": "2024-11-21T02:41:00.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-10T11:59:18.643",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-09 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:x86:*:*",
"matchCriteriaId": "D75C97F9-8912-4FC3-8C93-F4E3F20B60FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel para Mac 2011, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"id": "CVE-2015-6122",
"lastModified": "2024-11-21T02:34:28.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-12-09T11:59:08.440",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-09 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"id": "CVE-2015-6040",
"lastModified": "2024-11-21T02:34:20.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-12-09T11:59:00.107",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94769 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94769 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel para Mac 2011 y Excel 2016 para Mac permiten a atacantes remotos obtener informaci\u00f3n sensible desde la memoria de proceso o provocar una denegaci\u00f3n de servicio (lectura fuera de rango) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2016-7264",
"lastModified": "2024-11-21T02:57:48.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T06:59:00.437",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94769"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-13 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100734 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100734 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "93566DC7-8B2D-4EB6-B701-15885F3AEA1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3 cuando no se gestionan correctamente los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-8630, CVE-2017-8631, y CVE-2017-8744."
}
],
"id": "CVE-2017-8632",
"lastModified": "2024-11-21T03:34:23.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-13T01:29:09.693",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100734"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B12493-4287-4AAD-9A18-D3FC3FCBE172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2010 SP2, Word Automation Services en SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7234",
"lastModified": "2024-11-21T02:57:45.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:47.363",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/94020"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "secure@microsoft.com",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-13 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100719 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100719 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution\"."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Excel para Mac 2011 cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Remote Code Execution\"."
}
],
"id": "CVE-2017-8567",
"lastModified": "2024-11-21T03:34:16.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-13T01:29:09.490",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100719"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-13 05:59
Modified
2024-11-21 02:40
Severity ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | powerpoint_for_mac | 2011 | |
| microsoft | powerpoint_for_mac | 2016 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD8FD65-5B71-4EDB-938E-C721497D1516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E8183EF0-6363-4372-ABCB-03463EC5FDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel para Mac 2011, PowerPoint para Mac 2011, Word para Mac 2011, Excel 2016 para Mac, PowerPoint 2016 para Mac, Word 2016 para Mac y Word Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0010",
"lastModified": "2024-11-21T02:40:55.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-13T05:59:08.527",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034651"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel para Mac 2011, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7231",
"lastModified": "2024-11-21T02:57:44.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:44.407",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/93996"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 01:59
Modified
2024-11-21 02:27
Severity ?
Summary
Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1033803 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-15-516 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033803 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-15-516 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x32:*:*:*:*:*",
"matchCriteriaId": "75275F99-A072-4485-85E6-B4F61A6E4D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x64:*:*:*:*:*",
"matchCriteriaId": "C3E21DE5-D215-45E1-A89E-E5D23EB4667A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Excel Viewer, Office Compatibility Pack SP3 y Excel Services en SharePoint Server 2007 SP3, 2010 SP2 y 2013 SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un elemento fileVersion largo en un documento Office, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2015-2558",
"lastModified": "2024-11-21T02:27:36.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-14T01:59:13.123",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033803"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-516"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_for_mac | 2011 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B12493-4287-4AAD-9A18-D3FC3FCBE172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel para Mac 2011 y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7235",
"lastModified": "2024-11-21T02:57:45.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:48.330",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/94022"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94668 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94668 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel para Mac 2011 y Excel 2016 para Mac permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7263",
"lastModified": "2024-11-21T02:57:48.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T06:59:00.403",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94668"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | sharepoint_server | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2010 SP2, Excel para Mac 2011, Excel 2016 para Mac y Excel Services en SharePoint Server 2010 SP2 permiten a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2016-7236",
"lastModified": "2024-11-21T02:57:45.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:49.440",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/94025"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "secure@microsoft.com",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1235"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94662 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94662 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer y Excel 2016 para Mac no maneja adecuadamente una comprobaci\u00f3n de registro, lo que permite a atacantes remotos asistidos por usuario ejecutar comandos arbitrarios a trav\u00e9s de contenido embebido manipulado en un documento, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Security Feature Bypass Vulnerability\"."
}
],
"id": "CVE-2016-7266",
"lastModified": "2024-11-21T02:57:48.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T06:59:00.497",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94662"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 01:59
Modified
2024-11-21 02:27
Severity ?
Summary
Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted calculatedColumnFormula object in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1033803 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-15-517 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033803 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-15-517 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted calculatedColumnFormula object in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac y Excel Services en SharePoint Server 2010 SP2 y 2013 SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un objeto calculatedColumnFormula manipulado en un documento Office, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2015-2555",
"lastModified": "2024-11-21T02:27:35.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-14T01:59:10.060",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033803"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-517"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-13 05:59
Modified
2024-11-21 02:40
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0035",
"lastModified": "2024-11-21T02:40:58.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-13T05:59:23.593",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034651"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-11 12:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac y Excel Services en SharePoint Server 2013 SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"id": "CVE-2015-6094",
"lastModified": "2024-11-21T02:34:26.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-11-11T12:59:33.633",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/77490"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034118"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-546"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/93993 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037246 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93993 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037246 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 para Mac y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7213",
"lastModified": "2024-11-21T02:57:42.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:26.420",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93993"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/93995 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037246 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93995 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037246 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7229",
"lastModified": "2024-11-21T02:57:44.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:42.330",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93995"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 para Mac y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7228",
"lastModified": "2024-11-21T02:57:44.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:41.190",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/93994"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-11 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | - | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F8D0B57B-4FDA-40E6-BFD4-58D709D86CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3, Excel Viewer y Excel Services en SharePoint Server 2007 SP3, 2010 SP2 y 2013 SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"id": "CVE-2015-6038",
"lastModified": "2024-11-21T02:34:20.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-11-11T11:59:20.457",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/77489"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034118"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-543"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-11 12:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka "Microsoft Outlook for Mac Spoofing Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka \"Microsoft Outlook for Mac Spoofing Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Microsoft Excel para Mac 2011 y Excel 2016 para Mac permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un mensaje de correo electr\u00f3nico manipulado que es mal gestionado por Outlook para Mac, tambi\u00e9n conocida como \u0027Microsoft Outlook for Mac Spoofing Vulnerability\u0027."
}
],
"id": "CVE-2015-6123",
"lastModified": "2024-11-21T02:34:29.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-11-11T12:59:48.343",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/77525"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_automation_services | - | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_viewer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B12493-4287-4AAD-9A18-D3FC3FCBE172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC865581-3650-4DC4-9138-C2F71AA3B850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC45CB0-6C84-46D3-B16D-170D46822E54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word para Mac 2011, Excel para Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2013 SP1 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener informaci\u00f3n sensible memoria de proceso o provocar una denegaci\u00f3n de servicio cause a denial of service (escritura fuera de l\u00edmites) a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2016-7233",
"lastModified": "2024-11-21T02:57:45.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:46.300",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/94031"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "secure@microsoft.com",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-13 01:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_rt | 2013 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "27745C7E-94A0-4C2A-8318-684CB85F48D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-3284",
"lastModified": "2024-11-21T02:49:43.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-13T01:59:38.767",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/91594"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_online_server | * | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_designer | 2010 | |
| microsoft | sharepoint_designer | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6404DAF-34CC-47A0-B711-87EAC662FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C3E93E7B-E61E-4755-8AE8-C333E6144655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "511A4ED3-E85C-4C95-B128-841220D1F79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "304608B5-63CB-4F95-9C5B-2D5EFA83BC36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 para Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services en SharePoint Server 2007 SP3, Excel Services en SharePoint Server 2010 SP2, Excel Automation Services en SharePoint Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-3358",
"lastModified": "2024-11-21T02:49:51.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-14T10:59:32.013",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/92791"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "secure@microsoft.com",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-7234
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94020 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK | |
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94020"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Word Memory Corrpution Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94020"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Word Memory Corrpution Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94020"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Word Memory Corrpution Code Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7234",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0010
Vulnerability from cvelistv5
Published
2016-01-13 02:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034651 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:11.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-004",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"name": "1034651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-004",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"name": "1034651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"name": "1034651",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0010",
"datePublished": "2016-01-13T02:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:11.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0035
Vulnerability from cvelistv5
Published
2016-01-13 02:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034651 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-639 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:12.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-004",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"name": "1034651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034651"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-004",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"name": "1034651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034651"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"name": "1034651",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034651"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-639",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0035",
"datePublished": "2016-01-13T02:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:12.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7213
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/93993 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7213",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0054
Vulnerability from cvelistv5
Published
2016-02-10 11:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034976 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:12.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0054",
"datePublished": "2016-02-10T11:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:12.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7236
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94025 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK | |
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1235 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94025"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Office Excel Use-after-Free Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94025"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Office Excel Use-after-Free Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94025"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Office Excel Use-after-Free Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7236",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7228
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93994 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93994"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "93994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93994"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93994"
},
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7228",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6123
Vulnerability from cvelistv5
Published
2015-11-11 11:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka "Microsoft Outlook for Mac Spoofing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034122 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/77525 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:12.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "77525",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka \"Microsoft Outlook for Mac Spoofing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "77525",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka \"Microsoft Outlook for Mac Spoofing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "77525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6123",
"datePublished": "2015-11-11T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:15:12.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7266
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94662 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94662",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94662"
},
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "94662",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94662"
},
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94662"
},
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7266",
"datePublished": "2016-12-20T05:54:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6094
Vulnerability from cvelistv5
Published
2015-11-11 11:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034122 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | vendor-advisory, x_refsource_MS | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-546 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1034118 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/77490 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-546"
},
{
"name": "1034118",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034118"
},
{
"name": "77490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-546"
},
{
"name": "1034118",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034118"
},
{
"name": "77490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-546",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-546"
},
{
"name": "1034118",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034118"
},
{
"name": "77490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6094",
"datePublished": "2015-11-11T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:15:13.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8567
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 02:37
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution".
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100719 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Excel for Mac 2011 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"name": "100719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel for Mac 2011"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"name": "100719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel for Mac 2011"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567"
},
{
"name": "1039315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039315"
},
{
"name": "100719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8567",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T02:37:14.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2558
Vulnerability from cvelistv5
Published
2015-10-14 01:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | vendor-advisory, x_refsource_MS | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-516 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1033803 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-110",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-516"
},
{
"name": "1033803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-110",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-516"
},
{
"name": "1033803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-110",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-516",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-516"
},
{
"name": "1033803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2558",
"datePublished": "2015-10-14T01:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3284
Vulnerability from cvelistv5
Published
2016-07-13 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036274 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/91594 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036274",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "MS16-088",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91594",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036274",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "MS16-088",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91594",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036274",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "MS16-088",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3284",
"datePublished": "2016-07-13T01:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:59.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7264
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/94769 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94769"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94769"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7264",
"datePublished": "2016-12-20T05:54:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8632
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100734 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"name": "100734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100734"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"name": "100734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100734"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"name": "100734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100734"
},
{
"name": "1039315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8632",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T04:20:07.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2555
Vulnerability from cvelistv5
Published
2015-10-14 01:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted calculatedColumnFormula object in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | vendor-advisory, x_refsource_MS | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-517 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1033803 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-110",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-517"
},
{
"name": "1033803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted calculatedColumnFormula object in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-110",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-517"
},
{
"name": "1033803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted calculatedColumnFormula object in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-110",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-517",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-517"
},
{
"name": "1033803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2555",
"datePublished": "2015-10-14T01:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7263
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/94668 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94668"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94668"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94668"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7263",
"datePublished": "2016-12-20T05:54:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7233
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232 | third-party-advisory, x_refsource_IDEFENSE | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94031 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94031",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94031"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94031",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94031"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
},
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94031"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7233",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6040
Vulnerability from cvelistv5
Published
2015-12-09 11:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034324 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:06:35.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-131",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034324"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6040",
"datePublished": "2015-12-09T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:06:35.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7235
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94022 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94022"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "94022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94022"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94022"
},
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7235",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6122
Vulnerability from cvelistv5
Published
2015-12-09 11:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034324 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-131",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034324"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6122",
"datePublished": "2015-12-09T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:15:13.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3358
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/92791 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160913 Microsoft Office Excel Arbitrary Free Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227"
},
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92791",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20160913 Microsoft Office Excel Arbitrary Free Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227"
},
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92791",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92791"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160913 Microsoft Office Excel Arbitrary Free Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227"
},
{
"name": "1036785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92791"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3358",
"datePublished": "2016-09-14T10:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7229
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/93995 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93995"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93995"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7229",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7231
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93996 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93996"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "93996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93996"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93996"
},
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7231",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6038
Vulnerability from cvelistv5
Published
2015-11-11 11:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/77489 | vdb-entry, x_refsource_BID | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-543 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1034122 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034118 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:06:35.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77489"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-543"
},
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034118",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "77489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77489"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-543"
},
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034118",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034118"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77489"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-543",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-543"
},
{
"name": "1034122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034118",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6038",
"datePublished": "2015-11-11T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:06:35.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}