Vulnerabilites related to microsoft - excel_rt
Vulnerability from fkie_nvd
Published
2018-04-12 01:29
Modified
2024-11-21 03:58
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1027, CVE-2018-1029.
Impacted products
Vendor Product Version
microsoft excel 2010
microsoft excel 2013
microsoft excel_rt 2013



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "27745C7E-94A0-4C2A-8318-684CB85F48D2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1027, CVE-2018-1029.",
      },
      {
         lang: "es",
         value: "Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft Excel cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Esto afecta a Microsoft Excel. El ID de este CVE es diferente de CVE-2018-0920, CVE-2018-1027 y CVE-2018-1029.",
      },
   ],
   id: "CVE-2018-1011",
   lastModified: "2024-11-21T03:58:59.530",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-04-12T01:29:09.487",
   references: [
      {
         source: "secure@microsoft.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103611",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040652",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1011",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103611",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040652",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1011",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-15 15:15
Modified
2024-11-21 06:28
Summary
Microsoft Excel Remote Code Execution Vulnerability



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
                     matchCriteriaId: "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
                     matchCriteriaId: "CD25F492-9272-4836-832C-8439EBE64CCF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*",
                     matchCriteriaId: "48B20360-1A85-4A6A-BA03-0B62C97CCB0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*",
                     matchCriteriaId: "E8426C4D-C00D-44C2-B072-9D600C8B9543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*",
                     matchCriteriaId: "CD88F667-6773-4DB7-B6C3-9C7B769C0808",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*",
                     matchCriteriaId: "B342EF98-B414-44D0-BAFB-FCA24294EECE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "27745C7E-94A0-4C2A-8318-684CB85F48D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
                     matchCriteriaId: "CF5DDD09-902E-4881-98D0-CB896333B4AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
                     matchCriteriaId: "26A3B226-5D7C-4556-9350-5222DC8EFC2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*",
                     matchCriteriaId: "1AC0C23F-FC55-4DA1-8527-EB4432038FB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*",
                     matchCriteriaId: "A719B461-7869-46D0-9300-D0A348DC26A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Microsoft Excel Remote Code Execution Vulnerability",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft Excel",
      },
   ],
   id: "CVE-2021-43256",
   lastModified: "2024-11-21T06:28:56.303",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "secure@microsoft.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-15T15:15:10.730",
   references: [
      {
         source: "secure@microsoft.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-07-13 01:59
Modified
2024-11-21 02:49
Summary
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
                     matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "27745C7E-94A0-4C2A-8318-684CB85F48D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "9CCB2D72-B779-4772-8F72-7177E3F47A92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:powerpoint_rt:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "2FA6DEE3-84A5-42DC-9C52-21A3986376C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "558B8B5E-125A-4370-A6E9-3CB75808D7B3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka \"Microsoft Office Remote Code Execution Vulnerability.\"",
      },
      {
         lang: "es",
         value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos ejecutar código arbitrario a través de un archivo XLA manipulado, también conocida como \"Microsoft Office Remote Code Execution Vulnerability\".",
      },
   ],
   id: "CVE-2016-3279",
   lastModified: "2024-11-21T02:49:43.290",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-07-13T01:59:33.610",
   references: [
      {
         source: "secure@microsoft.com",
         url: "http://www.securityfocus.com/bid/91587",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securitytracker.com/id/1036274",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securitytracker.com/id/1036275",
      },
      {
         source: "secure@microsoft.com",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/91587",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1036274",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1036275",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-254",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-04-15 19:15
Modified
2024-11-21 06:54
Summary
Microsoft Excel Remote Code Execution Vulnerability



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:-:*:*:*",
                     matchCriteriaId: "BF89FEC4-936E-4226-94F9-2BD0CB0CA09F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
                     matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "27745C7E-94A0-4C2A-8318-684CB85F48D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2013_rt:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "30C744C1-EACB-4D91-A72B-468842308AA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*",
                     matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*",
                     matchCriteriaId: "25D63F31-2978-4C24-B7CA-6A0398012700",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:macos:*:*",
                     matchCriteriaId: "0DF36AFA-B48C-4423-AD1C-78EEFF85EF2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Microsoft Excel Remote Code Execution Vulnerability",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft Excel. Este ID de CVE es diferente de CVE-2022-24473",
      },
   ],
   id: "CVE-2022-26901",
   lastModified: "2024-11-21T06:54:45.673",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "secure@microsoft.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-04-15T19:15:14.930",
   references: [
      {
         source: "secure@microsoft.com",
         url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-07-13 01:59
Modified
2024-11-21 02:49
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
                     matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C6BEA4C-18FE-48D1-86AB-670833528150",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "27745C7E-94A0-4C2A-8318-684CB85F48D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"",
      },
      {
         lang: "es",
         value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como \"Microsoft Office Memory Corruption Vulnerability\".",
      },
   ],
   id: "CVE-2016-3284",
   lastModified: "2024-11-21T02:49:43.830",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-07-13T01:59:38.767",
   references: [
      {
         source: "secure@microsoft.com",
         url: "http://www.securityfocus.com/bid/91594",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securitytracker.com/id/1036274",
      },
      {
         source: "secure@microsoft.com",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/91594",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1036274",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2022-26901
Vulnerability from cvelistv5
Published
2022-04-15 19:05
Modified
2025-01-02 18:51
Impacted products
Vendor Product Version
Microsoft Microsoft Office 2019 for Mac Version: 16.0.0   < 16.60.22041000
Microsoft Microsoft Office Online Server Version: 16.0.1   < 16.0.10385.20001
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Office LTSC for Mac 2021 Version: 16.0.1   < 16.60.22041000
Microsoft Microsoft Office LTSC 2021 Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
Microsoft Microsoft Excel 2016 Version: 16.0.0.0   < 16.0.5305.1000
Microsoft Microsoft Office 2016 Version: 16.0.0   < 16.0.5305.1000
Microsoft Microsoft Excel 2013 Service Pack 1 Version: 15.0.0.0   < 15.0.5441.1000
Microsoft Microsoft Office 2013 Service Pack 1 Version: 15.0.0   < 15.0.5441.1000
Microsoft Microsoft Office Web Apps Server 2013 Service Pack 1 Version: 15.0.1   < 15.0.5441.1000
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T05:18:38.113Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Microsoft Excel Remote Code Execution Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               platforms: [
                  "Unknown",
               ],
               product: "Microsoft Office 2019 for Mac",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "16.60.22041000",
                     status: "affected",
                     version: "16.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "Unknown",
               ],
               product: "Microsoft Office Online Server",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "16.0.10385.20001",
                     status: "affected",
                     version: "16.0.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Microsoft 365 Apps for Enterprise",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "https://aka.ms/OfficeSecurityReleases",
                     status: "affected",
                     version: "16.0.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "Unknown",
               ],
               product: "Microsoft Office LTSC for Mac 2021",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "16.60.22041000",
                     status: "affected",
                     version: "16.0.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "x64-based Systems",
                  "32-bit Systems",
               ],
               product: "Microsoft Office LTSC 2021",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "https://aka.ms/OfficeSecurityReleases",
                     status: "affected",
                     version: "16.0.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Microsoft Excel 2016",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "16.0.5305.1000",
                     status: "affected",
                     version: "16.0.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Microsoft Office 2016",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "16.0.5305.1000",
                     status: "affected",
                     version: "16.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "ARM64-based Systems",
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Microsoft Excel 2013 Service Pack 1",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "15.0.5441.1000",
                     status: "affected",
                     version: "15.0.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "ARM64-based Systems",
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Microsoft Office 2013 Service Pack 1",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "15.0.5441.1000",
                     status: "affected",
                     version: "15.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "Unknown",
               ],
               product: "Microsoft Office Web Apps Server 2013 Service Pack 1",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "15.0.5441.1000",
                     status: "affected",
                     version: "15.0.1",
                     versionType: "custom",
                  },
               ],
            },
         ],
         cpeApplicability: [
            {
               nodes: [
                  {
                     cpeMatch: [
                        {
                           criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*",
                           versionEndExcluding: "16.60.22041000",
                           versionStartIncluding: "16.0.0",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
                           versionEndExcluding: "16.0.10385.20001",
                           versionStartIncluding: "16.0.1",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                           versionEndExcluding: "https://aka.ms/OfficeSecurityReleases",
                           versionStartIncluding: "16.0.1",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*",
                           versionEndExcluding: "16.60.22041000",
                           versionStartIncluding: "16.0.1",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                           versionEndExcluding: "https://aka.ms/OfficeSecurityReleases",
                           versionStartIncluding: "16.0.1",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:x86:*",
                           versionEndExcluding: "16.0.5305.1000",
                           versionStartIncluding: "16.0.0.0",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*",
                           versionEndExcluding: "16.0.5305.1000",
                           versionStartIncluding: "16.0.0",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:excel:*:sp1:*:*:rt:*:*:*",
                           versionEndExcluding: "15.0.5441.1000",
                           versionStartIncluding: "15.0.0.0",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:office:*:sp1:*:*:rt:*:*:*",
                           versionEndExcluding: "15.0.5441.1000",
                           versionStartIncluding: "15.0.0",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*",
                           versionEndExcluding: "15.0.5441.1000",
                           versionStartIncluding: "15.0.1",
                           vulnerable: true,
                        },
                     ],
                     negate: false,
                     operator: "OR",
                  },
               ],
            },
         ],
         datePublic: "2022-04-12T07:00:00+00:00",
         descriptions: [
            {
               lang: "en-US",
               value: "Microsoft Excel Remote Code Execution Vulnerability",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en-US",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Remote Code Execution",
                     lang: "en-US",
                     type: "Impact",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-02T18:51:39.168Z",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               name: "Microsoft Excel Remote Code Execution Vulnerability",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901",
            },
         ],
         title: "Microsoft Excel Remote Code Execution Vulnerability",
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2022-26901",
      datePublished: "2022-04-15T19:05:39",
      dateReserved: "2022-03-11T00:00:00",
      dateUpdated: "2025-01-02T18:51:39.168Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-43256
Vulnerability from cvelistv5
Published
2021-12-15 14:15
Modified
2024-08-04 03:55
Impacted products
Vendor Product Version
Microsoft Office Online Server Version: https://aka.ms/OfficeSecurityReleases   < 16.0.10381.20001
    cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*
Microsoft Microsoft Office 2019 Version: 19.0.0   < https://aka.ms/OfficeSecurityReleases
    cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
    cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
Microsoft Microsoft Office LTSC 2021 Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
    cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*
Microsoft Microsoft Excel 2016 Version: 16.0.0.0   < 16.0.5254.1000
    cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*
    cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*
Microsoft Microsoft Excel 2013 Service Pack 1 Version: 15.0.0.0   < 15.0.5407.1000
    cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*
    cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*
    cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*
Microsoft Microsoft Office Web Apps Server 2013 Service Pack 1 Version: 15.0.1   < 15.0.5407.1000
    cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T03:55:28.380Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*",
               ],
               platforms: [
                  "Unknown",
               ],
               product: "Office Online Server",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "16.0.10381.20001",
                     status: "affected",
                     version: "https://aka.ms/OfficeSecurityReleases",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
               ],
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Microsoft Office 2019",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "https://aka.ms/OfficeSecurityReleases",
                     status: "affected",
                     version: "19.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
               ],
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Microsoft 365 Apps for Enterprise",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "https://aka.ms/OfficeSecurityReleases",
                     status: "affected",
                     version: "16.0.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
               ],
               platforms: [
                  "x64-based Systems",
                  "32-bit Systems",
               ],
               product: "Microsoft Office LTSC 2021",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "https://aka.ms/OfficeSecurityReleases",
                     status: "affected",
                     version: "16.0.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*",
                  "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*",
               ],
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Microsoft Excel 2016",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "16.0.5254.1000",
                     status: "affected",
                     version: "16.0.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
                  "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*",
                  "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*",
               ],
               platforms: [
                  "ARM64-based Systems",
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Microsoft Excel 2013 Service Pack 1",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "15.0.5407.1000",
                     status: "affected",
                     version: "15.0.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
               ],
               platforms: [
                  "Unknown",
               ],
               product: "Microsoft Office Web Apps Server 2013 Service Pack 1",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "15.0.5407.1000",
                     status: "affected",
                     version: "15.0.1",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-12-14T08:00:00+00:00",
         descriptions: [
            {
               lang: "en-US",
               value: "Microsoft Excel Remote Code Execution Vulnerability",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en-US",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Remote Code Execution",
                     lang: "en-US",
                     type: "Impact",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-29T14:44:32.438Z",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256",
            },
         ],
         title: "Microsoft Excel Remote Code Execution Vulnerability",
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2021-43256",
      datePublished: "2021-12-15T14:15:29",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-08-04T03:55:28.380Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3284
Vulnerability from cvelistv5
Published
2016-07-13 01:00
Modified
2024-08-05 23:47
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:47:59.180Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1036274",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036274",
               },
               {
                  name: "MS16-088",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MS",
                     "x_transferred",
                  ],
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088",
               },
               {
                  name: "91594",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91594",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-07-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-12T19:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               name: "1036274",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036274",
            },
            {
               name: "MS16-088",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MS",
               ],
               url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088",
            },
            {
               name: "91594",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/91594",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2016-3284",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1036274",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036274",
                  },
                  {
                     name: "MS16-088",
                     refsource: "MS",
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088",
                  },
                  {
                     name: "91594",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/91594",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2016-3284",
      datePublished: "2016-07-13T01:00:00",
      dateReserved: "2016-03-15T00:00:00",
      dateUpdated: "2024-08-05T23:47:59.180Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3279
Vulnerability from cvelistv5
Published
2016-07-13 01:00
Modified
2024-08-05 23:47
Severity ?
Summary
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."
References
http://www.securitytracker.com/id/1036274vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1036275vdb-entry, x_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088vendor-advisory, x_refsource_MS
http://www.securityfocus.com/bid/91587vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:47:59.157Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1036274",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036274",
               },
               {
                  name: "1036275",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036275",
               },
               {
                  name: "MS16-088",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MS",
                     "x_transferred",
                  ],
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088",
               },
               {
                  name: "91587",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91587",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-07-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka \"Microsoft Office Remote Code Execution Vulnerability.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-12T19:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               name: "1036274",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036274",
            },
            {
               name: "1036275",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036275",
            },
            {
               name: "MS16-088",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MS",
               ],
               url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088",
            },
            {
               name: "91587",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/91587",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2016-3279",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka \"Microsoft Office Remote Code Execution Vulnerability.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1036274",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036274",
                  },
                  {
                     name: "1036275",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036275",
                  },
                  {
                     name: "MS16-088",
                     refsource: "MS",
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088",
                  },
                  {
                     name: "91587",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/91587",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2016-3279",
      datePublished: "2016-07-13T01:00:00",
      dateReserved: "2016-03-15T00:00:00",
      dateUpdated: "2024-08-05T23:47:59.157Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1011
Vulnerability from cvelistv5
Published
2018-04-12 01:00
Modified
2024-08-05 03:44
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1027, CVE-2018-1029.
Impacted products
Vendor Product Version
Microsoft Microsoft Excel Version: 2010 Service Pack 2 (32-bit editions)
Version: 2010 Service Pack 2 (64-bit editions)
Version: 2013 RT Service Pack 1
Version: 2013 Service Pack 1 (32-bit editions)
Version: 2013 Service Pack 1 (64-bit editions)
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:44:11.822Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1011",
               },
               {
                  name: "103611",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103611",
               },
               {
                  name: "1040652",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040652",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Microsoft Excel",
               vendor: "Microsoft",
               versions: [
                  {
                     status: "affected",
                     version: "2010 Service Pack 2 (32-bit editions)",
                  },
                  {
                     status: "affected",
                     version: "2010 Service Pack 2 (64-bit editions)",
                  },
                  {
                     status: "affected",
                     version: "2013 RT Service Pack 1",
                  },
                  {
                     status: "affected",
                     version: "2013 Service Pack 1 (32-bit editions)",
                  },
                  {
                     status: "affected",
                     version: "2013 Service Pack 1 (64-bit editions)",
                  },
               ],
            },
         ],
         datePublic: "2018-04-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1027, CVE-2018-1029.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Remote Code Execution",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-04-12T09:57:02",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1011",
            },
            {
               name: "103611",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103611",
            },
            {
               name: "1040652",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040652",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2018-1011",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Microsoft Excel",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "2010 Service Pack 2 (32-bit editions)",
                                       },
                                       {
                                          version_value: "2010 Service Pack 2 (64-bit editions)",
                                       },
                                       {
                                          version_value: "2013 RT Service Pack 1",
                                       },
                                       {
                                          version_value: "2013 Service Pack 1 (32-bit editions)",
                                       },
                                       {
                                          version_value: "2013 Service Pack 1 (64-bit editions)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Microsoft",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1027, CVE-2018-1029.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Remote Code Execution",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1011",
                     refsource: "CONFIRM",
                     url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1011",
                  },
                  {
                     name: "103611",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103611",
                  },
                  {
                     name: "1040652",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040652",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2018-1011",
      datePublished: "2018-04-12T01:00:00",
      dateReserved: "2017-12-01T00:00:00",
      dateUpdated: "2024-08-05T03:44:11.822Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}