All the vulnerabilites related to microsoft - office_compatibility_pack
cve-2013-0006
Vulnerability from cvelistv5
Published
2013-01-09 18:00
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA13-008A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16429 | vdb-entry, signature, x_refsource_OVAL | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA13-008A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"name": "MS13-002",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002"
},
{
"name": "oval:org.mitre.oval:def:16429",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka \"MSXML Integer Truncation Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-20T19:16:49",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA13-008A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"name": "MS13-002",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002"
},
{
"name": "oval:org.mitre.oval:def:16429",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-0006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka \"MSXML Integer Truncation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA13-008A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"name": "MS13-002",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002"
},
{
"name": "oval:org.mitre.oval:def:16429",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16429"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-0006",
"datePublished": "2013-01-09T18:00:00",
"dateReserved": "2012-11-27T00:00:00",
"dateUpdated": "2024-08-06T14:10:56.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0807
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102461 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102461"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102461"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102461"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0807",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T00:56:03.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3857
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18741",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741"
},
{
"name": "oval:org.mitre.oval:def:18942",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18741",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741"
},
{
"name": "oval:org.mitre.oval:def:18942",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18741",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741"
},
{
"name": "oval:org.mitre.oval:def:18942",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942"
},
{
"name": "MS13-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3857",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3240
Vulnerability from cvelistv5
Published
2010-10-13 18:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7196 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-285A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7196",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7196"
},
{
"name": "MS10-080",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"name": "TA10-285A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Real Time Data Array Record Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7196",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7196"
},
{
"name": "MS10-080",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"name": "TA10-285A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Real Time Data Array Record Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7196",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7196"
},
{
"name": "MS10-080",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-3240",
"datePublished": "2010-10-13T18:00:00",
"dateReserved": "2010-09-03T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2528
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
EPSS score ?
Summary
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:15.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6426",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6426",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6426",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2528",
"datePublished": "2009-10-14T10:00:00",
"dateReserved": "2009-07-17T00:00:00",
"dateUpdated": "2024-08-07T05:52:15.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3284
Vulnerability from cvelistv5
Published
2016-07-13 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036274 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/91594 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036274",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "MS16-088",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91594",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036274",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "MS16-088",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91594",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036274",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "MS16-088",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3284",
"datePublished": "2016-07-13T01:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:59.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1761
Vulnerability from cvelistv5
Published
2014-03-24 19:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 | vendor-advisory, x_refsource_MS | |
| http://technet.microsoft.com/security/advisory/2953095 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS14-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/advisory/2953095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS14-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://technet.microsoft.com/security/advisory/2953095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-1761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"
},
{
"name": "http://technet.microsoft.com/security/advisory/2953095",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2953095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-1761",
"datePublished": "2014-03-24T19:00:00",
"dateReserved": "2014-01-29T00:00:00",
"dateUpdated": "2024-08-06T09:50:11.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1988
Vulnerability from cvelistv5
Published
2011-09-15 10:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:01.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS11-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"name": "oval:org.mitre.oval:def:12836",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Heap Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS11-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"name": "oval:org.mitre.oval:def:12836",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Heap Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"name": "oval:org.mitre.oval:def:12836",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-1988",
"datePublished": "2011-09-15T10:00:00",
"dateReserved": "2011-05-09T00:00:00",
"dateUpdated": "2024-08-06T22:46:01.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0052
Vulnerability from cvelistv5
Published
2016-02-10 11:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0022.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034976 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034975 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:12.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name": "1034975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0022."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name": "1034975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0022."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name": "1034975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0052",
"datePublished": "2016-02-10T11:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:12.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3280
Vulnerability from cvelistv5
Published
2016-07-13 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036274 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/91582 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036274",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "MS16-088",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036274",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "MS16-088",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91582"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036274",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "MS16-088",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91582"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3280",
"datePublished": "2016-07-13T01:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:59.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2503
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
EPSS score ?
Summary
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:6491",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:6491",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:6491",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2503",
"datePublished": "2009-10-14T10:00:00",
"dateReserved": "2009-07-17T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0261
Vulnerability from cvelistv5
Published
2010-03-10 22:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861 | third-party-advisory, x_refsource_IDEFENSE | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8479 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-068A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1023698 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100309 Microsoft Excel MDXSET Record Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861"
},
{
"name": "oval:org.mitre.oval:def:8479",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8479"
},
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which \"a MDXSET record is broken up into several records,\" aka \"Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20100309 Microsoft Excel MDXSET Record Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861"
},
{
"name": "oval:org.mitre.oval:def:8479",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8479"
},
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which \"a MDXSET record is broken up into several records,\" aka \"Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100309 Microsoft Excel MDXSET Record Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861"
},
{
"name": "oval:org.mitre.oval:def:8479",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8479"
},
{
"name": "MS10-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0261",
"datePublished": "2010-03-10T22:00:00",
"dateReserved": "2010-01-07T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11877
Vulnerability from cvelistv5
Published
2017-11-15 03:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039783 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101747 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"
},
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "101747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka \"Microsoft Excel Security Feature Bypass Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"
},
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "101747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka \"Microsoft Excel Security Feature Bypass Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"
},
{
"name": "1039783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "101747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11877",
"datePublished": "2017-11-15T03:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-16T23:30:46.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8160
Vulnerability from cvelistv5
Published
2018-05-09 19:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040852 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104051 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Word |
Version: Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040852",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040852"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160"
},
{
"name": "104051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Word",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
},
{
"status": "affected",
"version": "Web Apps Server 2010 Service Pack 2"
}
]
}
],
"datePublic": "2018-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in Outlook when a message is opened, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Word, Microsoft Office."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040852",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040852"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160"
},
{
"name": "104051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Word",
"version": {
"version_data": [
{
"version_value": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "Compatibility Pack Service Pack 3"
},
{
"version_value": "Web Apps Server 2010 Service Pack 2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in Outlook when a message is opened, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Word, Microsoft Office."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040852"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160"
},
{
"name": "104051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8160",
"datePublished": "2018-05-09T19:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:46:13.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8432
Vulnerability from cvelistv5
Published
2018-10-10 13:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105458 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041823 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 7 |
Version: 32-bit Systems Service Pack 1 Version: x64-based Systems Service Pack 1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105458"
},
{
"name": "1041823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Office Word Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Office Word Viewer"
}
]
},
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
},
{
"product": "Microsoft PowerPoint Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007"
}
]
},
{
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "365 ProPlus for 32-bit Systems"
},
{
"status": "affected",
"version": "365 ProPlus for 64-bit Systems"
}
]
},
{
"product": "Windows Server 2008 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1809 for x64-based Systems"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
],
"datePublic": "2018-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Remote Code Execution Vulnerability.\" This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "105458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105458"
},
{
"name": "1041823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Office Word Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft Office Word Viewer"
}
]
}
},
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft PowerPoint Viewer",
"version": {
"version_data": [
{
"version_value": "2007"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Remote Code Execution Vulnerability.\" This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105458"
},
{
"name": "1041823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041823"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8432",
"datePublished": "2018-10-10T13:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3359
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1228 | third-party-advisory, x_refsource_IDEFENSE | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "20160913 Microsoft Office Excel OOB Read Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1228"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "20160913 Microsoft Office Excel OOB Read Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1228"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "20160913 Microsoft Office Excel OOB Read Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1228"
},
{
"name": "MS16-107",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3359",
"datePublished": "2016-09-14T10:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6356
Vulnerability from cvelistv5
Published
2014-12-11 00:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Invalid Index Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS14-081",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Invalid Index Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS14-081",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Invalid Index Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-081",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-6356",
"datePublished": "2014-12-11T00:00:00",
"dateReserved": "2014-09-11T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0098
Vulnerability from cvelistv5
Published
2011-04-13 18:00
Modified
2024-08-06 21:43
Severity ?
EPSS score ?
Summary
Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka "Excel Heap Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA11-102A.html | third-party-advisory, x_refsource_CERT | |
| http://secunia.com/advisories/39122 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/71759 | vdb-entry, x_refsource_OSVDB | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/id?1025337 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/47235 | vdb-entry, x_refsource_BID | |
| http://secunia.com/secunia_research/2011-32/ | x_refsource_MISC | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | vendor-advisory, x_refsource_MS | |
| http://www.vupen.com/english/advisories/2011/0940 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:43:14.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39122"
},
{
"name": "71759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/71759"
},
{
"name": "oval:org.mitre.oval:def:12034",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"
},
{
"name": "1025337",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "47235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47235"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2011-32/"
},
{
"name": "MS11-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "ADV-2011-0940",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka \"Excel Heap Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39122"
},
{
"name": "71759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/71759"
},
{
"name": "oval:org.mitre.oval:def:12034",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"
},
{
"name": "1025337",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "47235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47235"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2011-32/"
},
{
"name": "MS11-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "ADV-2011-0940",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka \"Excel Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39122"
},
{
"name": "71759",
"refsource": "OSVDB",
"url": "http://osvdb.org/71759"
},
{
"name": "oval:org.mitre.oval:def:12034",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"
},
{
"name": "1025337",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "47235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47235"
},
{
"name": "http://secunia.com/secunia_research/2011-32/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-32/"
},
{
"name": "MS11-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "ADV-2011-0940",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-0098",
"datePublished": "2011-04-13T18:00:00",
"dateReserved": "2010-12-21T00:00:00",
"dateUpdated": "2024-08-06T21:43:14.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8509
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98812 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016"
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98812"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98812"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8509",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:23.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2539
Vulnerability from cvelistv5
Published
2012-12-12 00:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-346A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA12-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name": "MS12-079",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079"
},
{
"name": "oval:org.mitre.oval:def:16073",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"Word RTF \u0027listoverridecount\u0027 Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA12-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name": "MS12-079",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079"
},
{
"name": "oval:org.mitre.oval:def:16073",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-2539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"Word RTF \u0027listoverridecount\u0027 Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-346A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name": "MS12-079",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079"
},
{
"name": "oval:org.mitre.oval:def:16073",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-2539",
"datePublished": "2012-12-12T00:00:00",
"dateReserved": "2012-05-09T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1641
Vulnerability from cvelistv5
Published
2015-04-14 20:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032104 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/73995 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:47:17.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "73995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73995"
},
{
"name": "MS15-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "73995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73995"
},
{
"name": "MS15-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032104",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "73995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73995"
},
{
"name": "MS15-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-1641",
"datePublished": "2015-04-14T20:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:47:17.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3234
Vulnerability from cvelistv5
Published
2016-06-16 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1036093 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-070",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"name": "1036093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-070",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"name": "1036093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-070",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"name": "1036093",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3234",
"datePublished": "2016-06-16T01:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:59.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6335
Vulnerability from cvelistv5
Published
2014-11-11 22:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1031189 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/59867 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/70963 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031189"
},
{
"name": "MS14-069",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name": "59867",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59867"
},
{
"name": "70963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Invalid Pointer Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1031189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031189"
},
{
"name": "MS14-069",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name": "59867",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59867"
},
{
"name": "70963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70963"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Invalid Pointer Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031189"
},
{
"name": "MS14-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name": "59867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59867"
},
{
"name": "70963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70963"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-6335",
"datePublished": "2014-11-11T22:00:00",
"dateReserved": "2014-09-11T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6040
Vulnerability from cvelistv5
Published
2015-12-09 11:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034324 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:06:35.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-131",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034324"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6040",
"datePublished": "2015-12-09T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:06:35.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0031
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:47
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038010 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96052 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Office |
Version: Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031"
},
{
"name": "96052",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031"
},
{
"name": "96052",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031"
},
{
"name": "96052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0031",
"datePublished": "2017-03-17T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2543
Vulnerability from cvelistv5
Published
2012-11-14 00:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/56431 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA12-318A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1027752 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56431"
},
{
"name": "oval:org.mitre.oval:def:15908",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908"
},
{
"name": "MS12-076",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name": "oval:org.mitre.oval:def:15737",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737"
},
{
"name": "TA12-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name": "1027752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Stack Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "56431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56431"
},
{
"name": "oval:org.mitre.oval:def:15908",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908"
},
{
"name": "MS12-076",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name": "oval:org.mitre.oval:def:15737",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737"
},
{
"name": "TA12-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name": "1027752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-2543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Stack Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56431"
},
{
"name": "oval:org.mitre.oval:def:15908",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908"
},
{
"name": "MS12-076",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name": "oval:org.mitre.oval:def:15737",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737"
},
{
"name": "TA12-318A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name": "1027752",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-2543",
"datePublished": "2012-11-14T00:00:00",
"dateReserved": "2012-05-09T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11878
Vulnerability from cvelistv5
Published
2017-11-15 03:00
Modified
2024-09-17 04:05
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039783 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101756 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878"
},
{
"name": "101756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Excel Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878"
},
{
"name": "101756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Excel Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039783"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878"
},
{
"name": "101756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11878",
"datePublished": "2017-11-15T03:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-17T04:05:13.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0238
Vulnerability from cvelistv5
Published
2009-02-25 16:00
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.microsoft.com/technet/security/advisory/968272.mspx | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/1023 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48875 | vdb-entry, x_refsource_XF | |
| http://www.us-cert.gov/cas/techalerts/TA09-104A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/33870 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99 | x_refsource_MISC | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968 | vdb-entry, signature, x_refsource_OVAL | |
| http://isc.sans.org/diary.html?storyid=5923 | x_refsource_MISC | |
| http://securitytracker.com/id?1021744 | vdb-entry, x_refsource_SECTRACK | |
| http://blogs.zdnet.com/security/?p=2658 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
},
{
"name": "ADV-2009-1023",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"name": "ms-excel-unspecified-code-execution(48875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
},
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "33870",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33870"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
},
{
"name": "MS09-009",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"name": "oval:org.mitre.oval:def:5968",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.html?storyid=5923"
},
{
"name": "1021744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.zdnet.com/security/?p=2658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
},
{
"name": "ADV-2009-1023",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"name": "ms-excel-unspecified-code-execution(48875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
},
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "33870",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33870"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
},
{
"name": "MS09-009",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"name": "oval:org.mitre.oval:def:5968",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.html?storyid=5923"
},
{
"name": "1021744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.zdnet.com/security/?p=2658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.microsoft.com/technet/security/advisory/968272.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
},
{
"name": "ADV-2009-1023",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"name": "ms-excel-unspecified-code-execution(48875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
},
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "33870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33870"
},
{
"name": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99",
"refsource": "MISC",
"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
},
{
"name": "MS09-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"name": "oval:org.mitre.oval:def:5968",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
},
{
"name": "http://isc.sans.org/diary.html?storyid=5923",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?storyid=5923"
},
{
"name": "1021744",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021744"
},
{
"name": "http://blogs.zdnet.com/security/?p=2658",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=2658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0238",
"datePublished": "2009-02-25T16:00:00",
"dateReserved": "2009-01-20T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0262
Vulnerability from cvelistv5
Published
2010-03-10 22:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860 | third-party-advisory, x_refsource_IDEFENSE | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-068A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/id?1023698 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100309 Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860"
},
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "oval:org.mitre.oval:def:8562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka \"Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20100309 Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860"
},
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "oval:org.mitre.oval:def:8562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka \"Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100309 Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860"
},
{
"name": "MS10-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "oval:org.mitre.oval:def:8562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562"
},
{
"name": "1023698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0262",
"datePublished": "2010-03-10T22:00:00",
"dateReserved": "2010-01-07T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3358
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/92791 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160913 Microsoft Office Excel Arbitrary Free Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227"
},
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92791",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20160913 Microsoft Office Excel Arbitrary Free Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227"
},
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92791",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92791"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160913 Microsoft Office Excel Arbitrary Free Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227"
},
{
"name": "1036785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92791"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3358",
"datePublished": "2016-09-14T10:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6038
Vulnerability from cvelistv5
Published
2015-11-11 11:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/77489 | vdb-entry, x_refsource_BID | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-543 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1034122 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034118 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:06:35.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77489"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-543"
},
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034118",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "77489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77489"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-543"
},
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034118",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034118"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77489"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-543",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-543"
},
{
"name": "1034122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034118",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6038",
"datePublished": "2015-11-11T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:06:35.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8148
Vulnerability from cvelistv5
Published
2018-05-09 19:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104053 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040857 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8148 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office |
Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) Version: 2016 Click-to-Run (C2R) for 32-bit editions Version: 2016 Click-to-Run (C2R) for 64-bit editions Version: Compatibility Pack Service Pack 3 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104053",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104053"
},
{
"name": "1040857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040857"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
}
]
}
],
"datePublic": "2018-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "104053",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104053"
},
{
"name": "1040857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040857"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104053"
},
{
"name": "1040857",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040857"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8148",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8148",
"datePublished": "2018-05-09T19:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:46:13.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0862
Vulnerability from cvelistv5
Published
2018-01-22 23:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102749 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:10.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862"
},
{
"name": "102749",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102749"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-23T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862"
},
{
"name": "102749",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102749"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-19T00:00:00",
"ID": "CVE-2018-0862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862"
},
{
"name": "102749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102749"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0862",
"datePublished": "2018-01-22T23:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T02:41:27.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6172
Vulnerability from cvelistv5
Published
2015-12-09 11:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034325 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034325",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka \"Microsoft Office RCE Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034325",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka \"Microsoft Office RCE Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-131",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034325",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6172",
"datePublished": "2015-12-09T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:15:13.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7228
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93994 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93994"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "93994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93994"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93994"
},
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7228",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6177
Vulnerability from cvelistv5
Published
2015-12-09 11:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034324 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-131",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034324"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6177",
"datePublished": "2015-12-09T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:15:13.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0053
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038010 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96745 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Office |
Version: Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:17.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
},
{
"name": "96745",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
},
{
"name": "96745",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
},
{
"name": "96745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0053",
"datePublished": "2017-03-17T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:17.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0823
Vulnerability from cvelistv5
Published
2010-06-08 20:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7240 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-159B.html | third-party-advisory, x_refsource_CERT | |
| http://osvdb.org/65233 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:39.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7240",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7240"
},
{
"name": "MS10-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "65233",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/65233"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka \"Excel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-1247 and CVE-2010-1249."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7240",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7240"
},
{
"name": "MS10-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "65233",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/65233"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka \"Excel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-1247 and CVE-2010-1249."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7240",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7240"
},
{
"name": "MS10-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "65233",
"refsource": "OSVDB",
"url": "http://osvdb.org/65233"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0823",
"datePublished": "2010-06-08T20:00:00",
"dateReserved": "2010-03-02T00:00:00",
"dateUpdated": "2024-08-07T00:59:39.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1900
Vulnerability from cvelistv5
Published
2010-08-11 18:00
Modified
2024-08-07 02:17
Severity ?
EPSS score ?
Summary
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA10-222A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA10-222A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "oval:org.mitre.oval:def:11490",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490"
},
{
"name": "MS10-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka \"Word Record Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA10-222A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "oval:org.mitre.oval:def:11490",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490"
},
{
"name": "MS10-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka \"Word Record Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "oval:org.mitre.oval:def:11490",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490"
},
{
"name": "MS10-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-1900",
"datePublished": "2010-08-11T18:00:00",
"dateReserved": "2010-05-11T00:00:00",
"dateUpdated": "2024-08-07T02:17:12.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1901
Vulnerability from cvelistv5
Published
2010-08-11 18:00
Modified
2024-08-07 02:17
Severity ?
EPSS score ?
Summary
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA10-222A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA10-222A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"name": "oval:org.mitre.oval:def:11612",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka \"Word RTF Parsing Engine Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA10-222A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"name": "oval:org.mitre.oval:def:11612",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka \"Word RTF Parsing Engine Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"name": "oval:org.mitre.oval:def:11612",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-1901",
"datePublished": "2010-08-11T18:00:00",
"dateReserved": "2010-05-11T00:00:00",
"dateUpdated": "2024-08-07T02:17:13.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2500
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
EPSS score ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5967",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5967",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5967",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
},
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2500",
"datePublished": "2009-10-14T10:00:00",
"dateReserved": "2009-07-17T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2501
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:5800",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:5800",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:5800",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2501",
"datePublished": "2009-10-14T10:00:00",
"dateReserved": "2009-07-17T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1889
Vulnerability from cvelistv5
Published
2012-06-13 01:00
Modified
2024-08-06 19:17
Severity ?
EPSS score ?
Summary
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-192A.html | third-party-advisory, x_refsource_CERT | |
| http://technet.microsoft.com/security/advisory/2719615 | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA12-174A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:26.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA12-192A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/advisory/2719615"
},
{
"name": "oval:org.mitre.oval:def:15195",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195"
},
{
"name": "MS12-043",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043"
},
{
"name": "TA12-174A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-174A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA12-192A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://technet.microsoft.com/security/advisory/2719615"
},
{
"name": "oval:org.mitre.oval:def:15195",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195"
},
{
"name": "MS12-043",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043"
},
{
"name": "TA12-174A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-174A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-1889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-192A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html"
},
{
"name": "http://technet.microsoft.com/security/advisory/2719615",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2719615"
},
{
"name": "oval:org.mitre.oval:def:15195",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195"
},
{
"name": "MS12-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043"
},
{
"name": "TA12-174A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-174A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-1889",
"datePublished": "2012-06-13T01:00:00",
"dateReserved": "2012-03-22T00:00:00",
"dateUpdated": "2024-08-06T19:17:26.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0656
Vulnerability from cvelistv5
Published
2011-04-13 18:00
Modified
2024-08-06 21:58
Severity ?
EPSS score ?
Summary
Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka "Persist Directory RCE Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA11-102A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1025340 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-125 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/47251 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2011/0941 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/71770 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/517482/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11761",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761"
},
{
"name": "MS11-022",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "1025340",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-125"
},
{
"name": "47251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47251"
},
{
"name": "ADV-2011-0941",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0941"
},
{
"name": "71770",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/71770"
},
{
"name": "20110412 ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517482/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka \"Persist Directory RCE Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11761",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761"
},
{
"name": "MS11-022",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "1025340",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-125"
},
{
"name": "47251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47251"
},
{
"name": "ADV-2011-0941",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0941"
},
{
"name": "71770",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/71770"
},
{
"name": "20110412 ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517482/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka \"Persist Directory RCE Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11761",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761"
},
{
"name": "MS11-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "1025340",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025340"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-125",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-125"
},
{
"name": "47251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47251"
},
{
"name": "ADV-2011-0941",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0941"
},
{
"name": "71770",
"refsource": "OSVDB",
"url": "http://osvdb.org/71770"
},
{
"name": "20110412 ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517482/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-0656",
"datePublished": "2011-04-13T18:00:00",
"dateReserved": "2011-01-28T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0845
Vulnerability from cvelistv5
Published
2018-01-22 23:00
Modified
2024-09-17 02:52
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102746 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:10.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102746"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-23T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102746"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-19T00:00:00",
"ID": "CVE-2018-0845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102746"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0845",
"datePublished": "2018-01-22T23:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T02:52:09.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0085
Vulnerability from cvelistv5
Published
2015-03-11 10:00
Modified
2024-08-06 03:55
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1031896 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:27.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031896",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031896"
},
{
"name": "MS15-022",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1031896",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031896"
},
{
"name": "MS15-022",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-0085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031896",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031896"
},
{
"name": "MS15-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-0085",
"datePublished": "2015-03-11T10:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T03:55:27.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3906
Vulnerability from cvelistv5
Published
2013-11-06 11:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096 | vendor-advisory, x_refsource_MS | |
| http://www.exploit-db.com/exploits/30011 | exploit, x_refsource_EXPLOIT-DB | |
| http://technet.microsoft.com/security/advisory/2896666 | x_refsource_CONFIRM | |
| http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx | x_refsource_CONFIRM | |
| http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS13-096",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096"
},
{
"name": "30011",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30011"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/advisory/2896666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS13-096",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096"
},
{
"name": "30011",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30011"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://technet.microsoft.com/security/advisory/2896666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-096",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096"
},
{
"name": "30011",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30011"
},
{
"name": "http://technet.microsoft.com/security/advisory/2896666",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2896666"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx"
},
{
"name": "http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2",
"refsource": "MISC",
"url": "http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3906",
"datePublished": "2013-11-06T11:00:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6334
Vulnerability from cvelistv5
Published
2014-11-11 22:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1031189 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/59867 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/70962 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031189"
},
{
"name": "MS14-069",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name": "59867",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59867"
},
{
"name": "70962",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Bad Index Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1031189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031189"
},
{
"name": "MS14-069",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name": "59867",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59867"
},
{
"name": "70962",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Bad Index Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031189"
},
{
"name": "MS14-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name": "59867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59867"
},
{
"name": "70962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-6334",
"datePublished": "2014-11-11T22:00:00",
"dateReserved": "2014-09-11T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0260
Vulnerability from cvelistv5
Published
2014-01-15 02:00
Modified
2024-08-06 09:13
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029599 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1029598 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:09.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"name": "1029598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"name": "MS14-001",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1029599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"name": "1029598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"name": "MS14-001",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029599"
},
{
"name": "1029598",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029598"
},
{
"name": "MS14-001",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-0260",
"datePublished": "2014-01-15T02:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:13:09.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0263
Vulnerability from cvelistv5
Published
2010-03-10 22:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8407 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-068A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/archive/1/509979/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.zerodayinitiative.com/advisories/ZDI-10-025/ | x_refsource_MISC | |
| http://www.securitytracker.com/id?1023698 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:8407",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8407"
},
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "20100309 ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509979/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-025/"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka \"Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:8407",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8407"
},
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "20100309 ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509979/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-025/"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka \"Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:8407",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8407"
},
{
"name": "MS10-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "20100309 ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509979/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-025/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-025/"
},
{
"name": "1023698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0263",
"datePublished": "2010-03-10T22:00:00",
"dateReserved": "2010-01-07T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6360
Vulnerability from cvelistv5
Published
2014-12-11 00:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Global Free Remote Code Execution in Excel Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS14-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Global Free Remote Code Execution in Excel Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS14-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Global Free Remote Code Execution in Excel Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-6360",
"datePublished": "2014-12-11T00:00:00",
"dateReserved": "2014-09-11T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2528
Vulnerability from cvelistv5
Published
2012-10-09 21:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/55781 | vdb-entry, x_refsource_BID | |
| http://www.us-cert.gov/cas/techalerts/TA12-283A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:15680",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680"
},
{
"name": "55781",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55781"
},
{
"name": "TA12-283A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
},
{
"name": "MS12-064",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka \"RTF File listid Use-After-Free Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:15680",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680"
},
{
"name": "55781",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55781"
},
{
"name": "TA12-283A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
},
{
"name": "MS12-064",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-2528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka \"RTF File listid Use-After-Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15680",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680"
},
{
"name": "55781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55781"
},
{
"name": "TA12-283A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
},
{
"name": "MS12-064",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-2528",
"datePublished": "2012-10-09T21:00:00",
"dateReserved": "2012-05-09T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2521
Vulnerability from cvelistv5
Published
2015-09-09 00:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033488 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | vendor-advisory, x_refsource_MS | |
| https://www.exploit-db.com/exploits/38216/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033488"
},
{
"name": "MS15-099",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
},
{
"name": "38216",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38216/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1033488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033488"
},
{
"name": "MS15-099",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
},
{
"name": "38216",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38216/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033488",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033488"
},
{
"name": "MS15-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
},
{
"name": "38216",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38216/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2521",
"datePublished": "2015-09-09T00:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3126
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6134",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6134",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-3126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6134",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-3126",
"datePublished": "2009-10-14T10:00:00",
"dateReserved": "2009-09-10T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1276
Vulnerability from cvelistv5
Published
2011-06-16 20:21
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka "Excel Buffer Overrun Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/72924 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/8330 | third-party-advisory, x_refsource_SREASON | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:33.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "72924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/72924"
},
{
"name": "8330",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8330"
},
{
"name": "oval:org.mitre.oval:def:12451",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451"
},
{
"name": "MS11-045",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka \"Excel Buffer Overrun Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "72924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/72924"
},
{
"name": "8330",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8330"
},
{
"name": "oval:org.mitre.oval:def:12451",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451"
},
{
"name": "MS11-045",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka \"Excel Buffer Overrun Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72924",
"refsource": "OSVDB",
"url": "http://osvdb.org/72924"
},
{
"name": "8330",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8330"
},
{
"name": "oval:org.mitre.oval:def:12451",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451"
},
{
"name": "MS11-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-1276",
"datePublished": "2011-06-16T20:21:00",
"dateReserved": "2011-03-04T00:00:00",
"dateUpdated": "2024-08-06T22:21:33.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1253
Vulnerability from cvelistv5
Published
2010-06-08 20:00
Modified
2024-08-07 01:14
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a "user-controlled pointer," aka "Excel ADO Object Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-10-103 | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6842 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 | vendor-advisory, x_refsource_MS | |
| http://osvdb.org/65228 | vdb-entry, x_refsource_OSVDB | |
| http://www.us-cert.gov/cas/techalerts/TA10-159B.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/archive/1/511728/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-103"
},
{
"name": "oval:org.mitre.oval:def:6842",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6842"
},
{
"name": "MS10-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name": "65228",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/65228"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "20100608 ZDI-10-103: Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511728/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a \"user-controlled pointer,\" aka \"Excel ADO Object Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-103"
},
{
"name": "oval:org.mitre.oval:def:6842",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6842"
},
{
"name": "MS10-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name": "65228",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/65228"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "20100608 ZDI-10-103: Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511728/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a \"user-controlled pointer,\" aka \"Excel ADO Object Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-103",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-103"
},
{
"name": "oval:org.mitre.oval:def:6842",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6842"
},
{
"name": "MS10-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name": "65228",
"refsource": "OSVDB",
"url": "http://osvdb.org/65228"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "20100608 ZDI-10-103: Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511728/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-1253",
"datePublished": "2010-06-08T20:00:00",
"dateReserved": "2010-04-05T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0097
Vulnerability from cvelistv5
Published
2011-04-13 18:00
Modified
2024-08-06 21:43
Severity ?
EPSS score ?
Summary
Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka "Excel Integer Overrun Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA11-102A.html | third-party-advisory, x_refsource_CERT | |
| http://secunia.com/advisories/39122 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/secunia_research/2011-31 | x_refsource_MISC | |
| http://osvdb.org/71758 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1025337 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/47201 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2011/0940 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:43:14.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2011-31"
},
{
"name": "71758",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/71758"
},
{
"name": "1025337",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "MS11-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "oval:org.mitre.oval:def:12612",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
},
{
"name": "47201",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47201"
},
{
"name": "ADV-2011-0940",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2011-31"
},
{
"name": "71758",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/71758"
},
{
"name": "1025337",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "MS11-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "oval:org.mitre.oval:def:12612",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
},
{
"name": "47201",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47201"
},
{
"name": "ADV-2011-0940",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39122"
},
{
"name": "http://secunia.com/secunia_research/2011-31",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-31"
},
{
"name": "71758",
"refsource": "OSVDB",
"url": "http://osvdb.org/71758"
},
{
"name": "1025337",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "MS11-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "oval:org.mitre.oval:def:12612",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
},
{
"name": "47201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47201"
},
{
"name": "ADV-2011-0940",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-0097",
"datePublished": "2011-04-13T18:00:00",
"dateReserved": "2010-12-21T00:00:00",
"dateUpdated": "2024-08-06T21:43:14.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0134
Vulnerability from cvelistv5
Published
2016-03-09 11:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035207 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-029 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/84026 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1035206 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035207",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035207"
},
{
"name": "MS16-029",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-029"
},
{
"name": "84026",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84026"
},
{
"name": "1035206",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035206"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1035207",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035207"
},
{
"name": "MS16-029",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-029"
},
{
"name": "84026",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84026"
},
{
"name": "1035206",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035206"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035207",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035207"
},
{
"name": "MS16-029",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-029"
},
{
"name": "84026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84026"
},
{
"name": "1035206",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035206"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0134",
"datePublished": "2016-03-09T11:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:13.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7232
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94005 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK | |
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1231 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94005",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94005"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Word 2010 Out-of-Bounds Write Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1231"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "94005",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94005"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Word 2010 Out-of-Bounds Write Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1231"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94005"
},
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Word 2010 Out-of-Bounds Write Heap Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1231"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7232",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0141
Vulnerability from cvelistv5
Published
2012-05-09 00:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1027041 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15152 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/49112 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.us-cert.gov/cas/techalerts/TA12-129A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/53342 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:18.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "oval:org.mitre.oval:def:15152",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15152"
},
{
"name": "MS12-030",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "53342",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53342"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel File Format Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1027041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "oval:org.mitre.oval:def:15152",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15152"
},
{
"name": "MS12-030",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "53342",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53342"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-0141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel File Format Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "oval:org.mitre.oval:def:15152",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15152"
},
{
"name": "MS12-030",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "53342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53342"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-0141",
"datePublished": "2012-05-09T00:00:00",
"dateReserved": "2011-12-13T00:00:00",
"dateUpdated": "2024-08-06T18:16:18.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0254
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98101 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038443 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
},
{
"name": "98101",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98101"
},
{
"name": "1038443",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016."
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
},
{
"name": "98101",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98101"
},
{
"name": "1038443",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
},
{
"name": "98101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98101"
},
{
"name": "1038443",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0254",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0264
Vulnerability from cvelistv5
Published
2010-03-10 22:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-068A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1023698 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7888 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023698"
},
{
"name": "oval:org.mitre.oval:def:7888",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023698"
},
{
"name": "oval:org.mitre.oval:def:7888",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7888"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"name": "oval:org.mitre.oval:def:7888",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7888"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0264",
"datePublished": "2010-03-10T22:00:00",
"dateReserved": "2010-01-07T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2223
Vulnerability from cvelistv5
Published
2007-08-14 21:00
Modified
2024-08-07 13:23
Severity ?
EPSS score ?
Summary
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/361968 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securitytracker.com/id?1018559 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/476747/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.vupen.com/english/advisories/2007/2866 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/476527/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/25301 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-042 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/26447 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-048/ | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2069 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#361968",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/361968"
},
{
"name": "1018559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018559"
},
{
"name": "20070816 MS07-042 XMLDOM substringData() PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476747/100/0/threaded"
},
{
"name": "20070814 Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576"
},
{
"name": "ADV-2007-2866",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2866"
},
{
"name": "20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476527/100/0/threaded"
},
{
"name": "25301",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25301"
},
{
"name": "MS07-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-042"
},
{
"name": "26447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26447"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-048/"
},
{
"name": "oval:org.mitre.oval:def:2069",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "VU#361968",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/361968"
},
{
"name": "1018559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018559"
},
{
"name": "20070816 MS07-042 XMLDOM substringData() PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476747/100/0/threaded"
},
{
"name": "20070814 Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576"
},
{
"name": "ADV-2007-2866",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2866"
},
{
"name": "20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476527/100/0/threaded"
},
{
"name": "25301",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25301"
},
{
"name": "MS07-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-042"
},
{
"name": "26447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26447"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-048/"
},
{
"name": "oval:org.mitre.oval:def:2069",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-2223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#361968",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/361968"
},
{
"name": "1018559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018559"
},
{
"name": "20070816 MS07-042 XMLDOM substringData() PoC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476747/100/0/threaded"
},
{
"name": "20070814 Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576"
},
{
"name": "ADV-2007-2866",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2866"
},
{
"name": "20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476527/100/0/threaded"
},
{
"name": "25301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25301"
},
{
"name": "MS07-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-042"
},
{
"name": "26447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26447"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-048/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-048/"
},
{
"name": "oval:org.mitre.oval:def:2069",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-2223",
"datePublished": "2007-08-14T21:00:00",
"dateReserved": "2007-04-24T00:00:00",
"dateUpdated": "2024-08-07T13:23:51.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0025
Vulnerability from cvelistv5
Published
2016-06-16 01:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1036093 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:12.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-070",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"name": "1036093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-070",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"name": "1036093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-070",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"name": "1036093",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0025",
"datePublished": "2016-06-16T01:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:12.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1759
Vulnerability from cvelistv5
Published
2015-06-10 01:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032523 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/75014 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032523"
},
{
"name": "75014",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75014"
},
{
"name": "MS15-059",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032523"
},
{
"name": "75014",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75014"
},
{
"name": "MS15-059",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032523",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032523"
},
{
"name": "75014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75014"
},
{
"name": "MS15-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-1759",
"datePublished": "2015-06-10T01:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1885
Vulnerability from cvelistv5
Published
2012-11-14 00:00
Modified
2024-08-06 19:17
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 | vendor-advisory, x_refsource_MS | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78072 | vdb-entry, x_refsource_XF | |
| http://www.us-cert.gov/cas/techalerts/TA12-318A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/56425 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1027752 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:26.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:15752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752"
},
{
"name": "MS12-076",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name": "ms-excel-serauxerrbar-bo(78072)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78072"
},
{
"name": "TA12-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name": "56425",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56425"
},
{
"name": "1027752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027752"
},
{
"name": "oval:org.mitre.oval:def:15916",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel SerAuxErrBar Heap Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:15752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752"
},
{
"name": "MS12-076",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name": "ms-excel-serauxerrbar-bo(78072)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78072"
},
{
"name": "TA12-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name": "56425",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56425"
},
{
"name": "1027752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027752"
},
{
"name": "oval:org.mitre.oval:def:15916",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-1885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel SerAuxErrBar Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15752",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752"
},
{
"name": "MS12-076",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name": "ms-excel-serauxerrbar-bo(78072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78072"
},
{
"name": "TA12-318A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name": "56425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56425"
},
{
"name": "1027752",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027752"
},
{
"name": "oval:org.mitre.oval:def:15916",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-1885",
"datePublished": "2012-11-14T00:00:00",
"dateReserved": "2012-03-22T00:00:00",
"dateUpdated": "2024-08-06T19:17:26.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0794
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 20:16
Severity ?
EPSS score ?
Summary
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102373 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Word |
Version: Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102373"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Word",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0792."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102373"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Word",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0792."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102373"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0794",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T20:16:16.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0669
Vulnerability from cvelistv5
Published
2019-03-06 00:00
Modified
2024-08-04 17:51
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0669 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106897 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Excel |
Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:51:27.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0669"
},
{
"name": "106897",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106897"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2019 for Mac"
}
]
},
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Office 365 ProPlus",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "64-bit Systems"
}
]
},
{
"product": "Microsoft Office Compatibility Pack",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 3"
}
]
}
],
"datePublic": "2019-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \u0027Microsoft Excel Information Disclosure Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-06T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0669"
},
{
"name": "106897",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106897"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
}
]
}
},
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Office 365 ProPlus",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "64-bit Systems"
}
]
}
},
{
"product_name": "Microsoft Office Compatibility Pack",
"version": {
"version_data": [
{
"version_value": "Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \u0027Microsoft Excel Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0669",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0669"
},
{
"name": "106897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106897"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0669",
"datePublished": "2019-03-06T00:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:51:27.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6122
Vulnerability from cvelistv5
Published
2015-12-09 11:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034324 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-131",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034324"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6122",
"datePublished": "2015-12-09T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:15:13.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0184
Vulnerability from cvelistv5
Published
2012-05-09 00:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75117 | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/53375 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1027041 | vdb-entry, x_refsource_SECTRACK | |
| http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982 | third-party-advisory, x_refsource_IDEFENSE | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/49112 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.us-cert.gov/cas/techalerts/TA12-129A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ms-excel-sxli-code-execution(75117)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75117"
},
{
"name": "oval:org.mitre.oval:def:14789",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789"
},
{
"name": "53375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53375"
},
{
"name": "1027041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "20120508 Microsoft Excel SXLI Record Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982"
},
{
"name": "MS12-030",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel SXLI Record Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ms-excel-sxli-code-execution(75117)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75117"
},
{
"name": "oval:org.mitre.oval:def:14789",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789"
},
{
"name": "53375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53375"
},
{
"name": "1027041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "20120508 Microsoft Excel SXLI Record Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982"
},
{
"name": "MS12-030",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-0184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel SXLI Record Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ms-excel-sxli-code-execution(75117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75117"
},
{
"name": "oval:org.mitre.oval:def:14789",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789"
},
{
"name": "53375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53375"
},
{
"name": "1027041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "20120508 Microsoft Excel SXLI Record Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982"
},
{
"name": "MS12-030",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-0184",
"datePublished": "2012-05-09T00:00:00",
"dateReserved": "2011-12-13T00:00:00",
"dateUpdated": "2024-08-06T18:16:19.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3362
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3365.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92799 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92799",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92799"
},
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3365."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "92799",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92799"
},
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3365."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92799"
},
{
"name": "1036785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3362",
"datePublished": "2016-09-14T10:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1272
Vulnerability from cvelistv5
Published
2011-06-16 20:21
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Insufficient Record Validation Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/48157 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12139 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:33.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48157"
},
{
"name": "oval:org.mitre.oval:def:12139",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12139"
},
{
"name": "MS11-045",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Insufficient Record Validation Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "48157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48157"
},
{
"name": "oval:org.mitre.oval:def:12139",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12139"
},
{
"name": "MS11-045",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Insufficient Record Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48157"
},
{
"name": "oval:org.mitre.oval:def:12139",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12139"
},
{
"name": "MS11-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-1272",
"datePublished": "2011-06-16T20:21:00",
"dateReserved": "2011-03-04T00:00:00",
"dateUpdated": "2024-08-06T22:21:33.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0007
Vulnerability from cvelistv5
Published
2013-01-09 18:00
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA13-008A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA13-008A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"name": "oval:org.mitre.oval:def:15458",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458"
},
{
"name": "MS13-002",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka \"MSXML XSLT Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA13-008A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"name": "oval:org.mitre.oval:def:15458",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458"
},
{
"name": "MS13-002",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-0007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka \"MSXML XSLT Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA13-008A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"name": "oval:org.mitre.oval:def:15458",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458"
},
{
"name": "MS13-002",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-0007",
"datePublished": "2013-01-09T18:00:00",
"dateReserved": "2012-11-27T00:00:00",
"dateUpdated": "2024-08-06T14:10:56.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0194
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97436 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038244 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Office |
Version: Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97436"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194"
},
{
"name": "1038244",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2"
}
]
}
],
"datePublic": "2017-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "97436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97436"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194"
},
{
"name": "1038244",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97436"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194"
},
{
"name": "1038244",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0194",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1902
Vulnerability from cvelistv5
Published
2010-08-11 18:00
Modified
2024-08-07 02:17
Severity ?
EPSS score ?
Summary
Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka "Word RTF Parsing Buffer Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA10-222A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA10-222A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"name": "oval:org.mitre.oval:def:11472",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka \"Word RTF Parsing Buffer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA10-222A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"name": "oval:org.mitre.oval:def:11472",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka \"Word RTF Parsing Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"name": "oval:org.mitre.oval:def:11472",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-1902",
"datePublished": "2010-08-11T18:00:00",
"dateReserved": "2010-05-11T00:00:00",
"dateUpdated": "2024-08-07T02:17:12.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3282
Vulnerability from cvelistv5
Published
2016-07-13 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036274 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036275 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/91589 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:58.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036274",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "1036275",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036275"
},
{
"name": "MS16-088",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91589",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036274",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "1036275",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036275"
},
{
"name": "MS16-088",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91589",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036274",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "1036275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036275"
},
{
"name": "MS16-088",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3282",
"datePublished": "2016-07-13T01:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:58.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3847
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18749",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749"
},
{
"name": "oval:org.mitre.oval:def:18988",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18749",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749"
},
{
"name": "oval:org.mitre.oval:def:18988",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18749",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749"
},
{
"name": "oval:org.mitre.oval:def:18988",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988"
},
{
"name": "MS13-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3847",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6333
Vulnerability from cvelistv5
Published
2014-11-11 22:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1031189 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/70961 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/59867 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031189"
},
{
"name": "MS14-069",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name": "70961",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70961"
},
{
"name": "59867",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Double Delete Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1031189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031189"
},
{
"name": "MS14-069",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name": "70961",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70961"
},
{
"name": "59867",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59867"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Double Delete Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031189"
},
{
"name": "MS14-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name": "70961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70961"
},
{
"name": "59867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59867"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-6333",
"datePublished": "2014-11-11T22:00:00",
"dateReserved": "2014-09-11T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7291
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94671 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94671",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94671"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7290."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94671",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94671"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7290."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94671"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7291",
"datePublished": "2016-12-20T05:54:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6357
Vulnerability from cvelistv5
Published
2014-12-11 00:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Use After Free Word Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS14-081",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Use After Free Word Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS14-081",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Use After Free Word Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-081",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-6357",
"datePublished": "2014-12-11T00:00:00",
"dateReserved": "2014-09-11T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1650
Vulnerability from cvelistv5
Published
2015-04-14 20:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032104 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:47:17.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "MS15-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "MS15-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032104",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "MS15-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-1650",
"datePublished": "2015-04-14T20:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:47:17.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6124
Vulnerability from cvelistv5
Published
2015-12-09 11:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034324 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:12.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-131",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034324"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-131",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name": "1034324",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034324"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6124",
"datePublished": "2015-12-09T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:15:12.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8147
Vulnerability from cvelistv5
Published
2018-05-09 19:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040857 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104035 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office |
Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) Version: 2016 Click-to-Run (C2R) for 32-bit editions Version: 2016 Click-to-Run (C2R) for 64-bit editions Version: 2016 for Mac Version: Compatibility Pack Service Pack 3 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040857"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147"
},
{
"name": "104035",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
}
]
}
],
"datePublic": "2018-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040857"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147"
},
{
"name": "104035",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040857",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040857"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147"
},
{
"name": "104035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8147",
"datePublished": "2018-05-09T19:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:46:13.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1989
Vulnerability from cvelistv5
Published
2011-09-15 10:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:12974",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
},
{
"name": "MS11-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:12974",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
},
{
"name": "MS11-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12974",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
},
{
"name": "MS11-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-1989",
"datePublished": "2011-09-15T10:00:00",
"dateReserved": "2011-05-09T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7266
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94662 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94662",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94662"
},
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "94662",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94662"
},
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94662"
},
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7266",
"datePublished": "2016-12-20T05:54:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0259
Vulnerability from cvelistv5
Published
2014-01-15 02:00
Modified
2024-08-06 09:13
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029599 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1029598 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:09.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"name": "1029598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"name": "MS14-001",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1029599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"name": "1029598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"name": "MS14-001",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029599"
},
{
"name": "1029598",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029598"
},
{
"name": "MS14-001",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-0259",
"datePublished": "2014-01-15T02:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:13:09.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6361
Vulnerability from cvelistv5
Published
2014-12-11 00:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS14-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Excel Invalid Pointer Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS14-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Excel Invalid Pointer Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-6361",
"datePublished": "2014-12-11T00:00:00",
"dateReserved": "2014-09-11T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8281
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041252 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/104609 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Excel Viewer |
Version: Microsoft Excel Viewer |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:34.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041252"
},
{
"name": "104609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104609"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel Viewer"
}
]
},
{
"product": "Microsoft PowerPoint Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft PowerPoint Viewer"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Office Word Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Office Word Viewer"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1041252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041252"
},
{
"name": "104609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104609"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel Viewer"
}
]
}
},
{
"product_name": "Microsoft PowerPoint Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft PowerPoint Viewer"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Office Word Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft Office Word Viewer"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041252",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041252"
},
{
"name": "104609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104609"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8281",
"datePublished": "2018-07-11T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:34.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1757
Vulnerability from cvelistv5
Published
2014-04-08 21:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 | vendor-advisory, x_refsource_MS | |
| http://www.kb.cert.org/vuls/id/882841 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS14-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"
},
{
"name": "VU#882841",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/882841"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office File Format Converter Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS14-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"
},
{
"name": "VU#882841",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/882841"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-1757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office File Format Converter Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"
},
{
"name": "VU#882841",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/882841"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-1757",
"datePublished": "2014-04-08T21:00:00",
"dateReserved": "2014-01-29T00:00:00",
"dateUpdated": "2024-08-06T09:50:11.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7193
Vulnerability from cvelistv5
Published
2016-10-14 01:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93372 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1036984 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93372"
},
{
"name": "MS16-121",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
},
{
"name": "1036984",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036984"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "93372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93372"
},
{
"name": "MS16-121",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
},
{
"name": "1036984",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036984"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93372"
},
{
"name": "MS16-121",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
},
{
"name": "1036984",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036984"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7193",
"datePublished": "2016-10-14T01:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0260
Vulnerability from cvelistv5
Published
2010-03-10 22:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-068A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1023698 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7862 | vdb-entry, signature, x_refsource_OVAL | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023698"
},
{
"name": "oval:org.mitre.oval:def:7862",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7862"
},
{
"name": "20100309 Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which \"a MDXTUPLE record is broken up into several records,\" aka \"Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023698"
},
{
"name": "oval:org.mitre.oval:def:7862",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7862"
},
{
"name": "20100309 Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which \"a MDXTUPLE record is broken up into several records,\" aka \"Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"name": "oval:org.mitre.oval:def:7862",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7862"
},
{
"name": "20100309 Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0260",
"datePublished": "2010-03-10T22:00:00",
"dateReserved": "2010-01-07T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4033
Vulnerability from cvelistv5
Published
2008-11-12 23:00
Modified
2024-08-07 10:00
Severity ?
EPSS score ?
Summary
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=122703006921213&w=2 | vendor-advisory, x_refsource_HP | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA08-316A.html | third-party-advisory, x_refsource_CERT | |
| http://marc.info/?l=bugtraq&m=122703006921213&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.vupen.com/english/advisories/2008/3111 | vdb-entry, x_refsource_VUPEN | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 | vendor-advisory, x_refsource_MS | |
| http://securitytracker.com/id?1021164 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/32204 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT080164",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:5847",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847"
},
{
"name": "TA08-316A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
},
{
"name": "HPSBST02386",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "ADV-2008-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3111"
},
{
"name": "MS08-069",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
},
{
"name": "1021164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021164"
},
{
"name": "32204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka \"MSXML Header Request Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "SSRT080164",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:5847",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847"
},
{
"name": "TA08-316A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
},
{
"name": "HPSBST02386",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "ADV-2008-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3111"
},
{
"name": "MS08-069",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
},
{
"name": "1021164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021164"
},
{
"name": "32204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32204"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-4033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka \"MSXML Header Request Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT080164",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:5847",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847"
},
{
"name": "TA08-316A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
},
{
"name": "HPSBST02386",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "ADV-2008-3111",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3111"
},
{
"name": "MS08-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
},
{
"name": "1021164",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021164"
},
{
"name": "32204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32204"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-4033",
"datePublished": "2008-11-12T23:00:00",
"dateReserved": "2008-09-10T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0035
Vulnerability from cvelistv5
Published
2016-01-13 02:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034651 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-639 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:12.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-004",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"name": "1034651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034651"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-004",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"name": "1034651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034651"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"name": "1034651",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034651"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-639",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0035",
"datePublished": "2016-01-13T02:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:12.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2468
Vulnerability from cvelistv5
Published
2015-08-15 00:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081 | vendor-advisory, x_refsource_MS | |
| https://www.exploit-db.com/exploits/37912/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securitytracker.com/id/1033239 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:26.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-081",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
},
{
"name": "37912",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37912/"
},
{
"name": "1033239",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-081",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
},
{
"name": "37912",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37912/"
},
{
"name": "1033239",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-081",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
},
{
"name": "37912",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37912/"
},
{
"name": "1033239",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2468",
"datePublished": "2015-08-15T00:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:26.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1649
Vulnerability from cvelistv5
Published
2015-04-14 20:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032104 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:47:17.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "MS15-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "MS15-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032104",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "MS15-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-1649",
"datePublished": "2015-04-14T20:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:47:17.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0802
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802 | x_refsource_CONFIRM | |
| https://github.com/rxwx/CVE-2018-0802 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/102347 | vdb-entry, x_refsource_BID | |
| https://github.com/zldww2011/CVE-2018-0802_POC | x_refsource_MISC | |
| https://research.checkpoint.com/another-office-equation-rce-vulnerability/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rxwx/CVE-2018-0802"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html"
},
{
"name": "102347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zldww2011/CVE-2018-0802_POC"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.checkpoint.com/another-office-equation-rce-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0797 and CVE-2018-0812."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T18:39:13",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rxwx/CVE-2018-0802"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html"
},
{
"name": "102347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zldww2011/CVE-2018-0802_POC"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.checkpoint.com/another-office-equation-rce-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0797 and CVE-2018-0812."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802"
},
{
"name": "https://github.com/rxwx/CVE-2018-0802",
"refsource": "MISC",
"url": "https://github.com/rxwx/CVE-2018-0802"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html"
},
{
"name": "102347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102347"
},
{
"name": "https://github.com/zldww2011/CVE-2018-0802_POC",
"refsource": "MISC",
"url": "https://github.com/zldww2011/CVE-2018-0802_POC"
},
{
"name": "https://research.checkpoint.com/another-office-equation-rce-vulnerability/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/another-office-equation-rce-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0802",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T23:30:27.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2520
Vulnerability from cvelistv5
Published
2015-09-09 00:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033488 | vdb-entry, x_refsource_SECTRACK | |
| https://www.exploit-db.com/exploits/38215/ | exploit, x_refsource_EXPLOIT-DB | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033488"
},
{
"name": "38215",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38215/"
},
{
"name": "MS15-099",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1033488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033488"
},
{
"name": "38215",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38215/"
},
{
"name": "MS15-099",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033488",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033488"
},
{
"name": "38215",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38215/"
},
{
"name": "MS15-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2520",
"datePublished": "2015-09-09T00:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7229
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/93995 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93995"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93995"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7229",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1990
Vulnerability from cvelistv5
Published
2011-09-15 10:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11982",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982"
},
{
"name": "MS11-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Out of Bounds Array Indexing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11982",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982"
},
{
"name": "MS11-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Out of Bounds Array Indexing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11982",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982"
},
{
"name": "MS11-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-1990",
"datePublished": "2011-09-15T10:00:00",
"dateReserved": "2011-05-09T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0257
Vulnerability from cvelistv5
Published
2010-03-10 22:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8617 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-068A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1023698 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:8617",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8617"
},
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Microsoft Office Excel Record Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:8617",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8617"
},
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Microsoft Office Excel Record Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:8617",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8617"
},
{
"name": "MS10-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0257",
"datePublished": "2010-03-10T22:00:00",
"dateReserved": "2010-01-07T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7290
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94670 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94670"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7291."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94670"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7291."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94670"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7290",
"datePublished": "2016-12-20T05:54:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0136
Vulnerability from cvelistv5
Published
2016-04-12 23:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | vendor-advisory, x_refsource_MS | |
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securitytracker.com/id/1035525 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1035524 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name": "20160412 Microsoft Excel Uninitialized Pointer Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224"
},
{
"name": "1035525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035525"
},
{
"name": "1035524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name": "20160412 Microsoft Excel Uninitialized Pointer Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224"
},
{
"name": "1035525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035525"
},
{
"name": "1035524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name": "20160412 Microsoft Excel Uninitialized Pointer Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224"
},
{
"name": "1035525",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035525"
},
{
"name": "1035524",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0136",
"datePublished": "2016-04-12T23:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:13.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0022
Vulnerability from cvelistv5
Published
2016-02-10 11:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0052.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034976 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034975 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name": "1034975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0052."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name": "1034975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0052."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name": "1034975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0022",
"datePublished": "2016-02-10T11:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:13.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7235
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94022 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94022"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "94022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94022"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94022"
},
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7235",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3365
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3362.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/92804 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92804",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3362."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92804",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3362."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3365",
"datePublished": "2016-09-14T10:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8632
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100734 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"name": "100734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100734"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"name": "100734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100734"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"name": "100734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100734"
},
{
"name": "1039315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8632",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T04:20:07.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0793
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 20:41
Severity ?
EPSS score ?
Summary
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040154 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102375 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Outlook |
Version: Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
},
{
"name": "102375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102375"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
},
{
"name": "102375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102375"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040154",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040154"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
},
{
"name": "102375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102375"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0793",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T20:41:56.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0796
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-17 02:31
Severity ?
EPSS score ?
Summary
Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102372 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Excel |
Version: Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102372"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Excel",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102372"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102372"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0796",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T02:31:28.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0006
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:47
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038010 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/96740 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Office |
Version: Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "96740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "96740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "96740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96740"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0006",
"datePublished": "2017-03-17T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0848
Vulnerability from cvelistv5
Published
2018-01-22 23:00
Modified
2024-09-17 03:58
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0848 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102747 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:10.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0848"
},
{
"name": "102747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-23T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0848"
},
{
"name": "102747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-19T00:00:00",
"ID": "CVE-2018-0848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0848",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0848"
},
{
"name": "102747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0848",
"datePublished": "2018-01-22T23:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T03:58:37.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0849
Vulnerability from cvelistv5
Published
2018-01-22 23:00
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0849 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102748 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:10.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0849"
},
{
"name": "102748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-23T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0849"
},
{
"name": "102748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-19T00:00:00",
"ID": "CVE-2018-0849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0849",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0849"
},
{
"name": "102748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0849",
"datePublished": "2018-01-22T23:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T00:06:16.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3214
Vulnerability from cvelistv5
Published
2010-10-13 18:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/514302/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-285A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20101014 VUPEN Security Research - Microsoft Office Word Document Stack Overflow Vulnerability (CVE-2010-3214)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514302/100/0/threaded"
},
{
"name": "MS10-079",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079"
},
{
"name": "TA10-285A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name": "oval:org.mitre.oval:def:7322",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka \"Word Stack Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20101014 VUPEN Security Research - Microsoft Office Word Document Stack Overflow Vulnerability (CVE-2010-3214)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514302/100/0/threaded"
},
{
"name": "MS10-079",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079"
},
{
"name": "TA10-285A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name": "oval:org.mitre.oval:def:7322",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka \"Word Stack Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20101014 VUPEN Security Research - Microsoft Office Word Document Stack Overflow Vulnerability (CVE-2010-3214)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514302/100/0/threaded"
},
{
"name": "MS10-079",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name": "oval:org.mitre.oval:def:7322",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-3214",
"datePublished": "2010-10-13T18:00:00",
"dateReserved": "2010-09-03T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0183
Vulnerability from cvelistv5
Published
2012-05-09 00:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/53344 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1027035 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA12-129A.html | third-party-advisory, x_refsource_CERT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75122 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/49111 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS12-029",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029"
},
{
"name": "53344",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53344"
},
{
"name": "1027035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027035"
},
{
"name": "oval:org.mitre.oval:def:15327",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "microsoft-office-rtf-code-execution(75122)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75122"
},
{
"name": "49111",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"RTF Mismatch Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS12-029",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029"
},
{
"name": "53344",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53344"
},
{
"name": "1027035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027035"
},
{
"name": "oval:org.mitre.oval:def:15327",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "microsoft-office-rtf-code-execution(75122)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75122"
},
{
"name": "49111",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-0183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"RTF Mismatch Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS12-029",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029"
},
{
"name": "53344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53344"
},
{
"name": "1027035",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027035"
},
{
"name": "oval:org.mitre.oval:def:15327",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "microsoft-office-rtf-code-execution(75122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75122"
},
{
"name": "49111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-0183",
"datePublished": "2012-05-09T00:00:00",
"dateReserved": "2011-12-13T00:00:00",
"dateUpdated": "2024-08-06T18:16:19.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2424
Vulnerability from cvelistv5
Published
2015-07-14 21:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032899 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:26.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032899",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2424",
"datePublished": "2015-07-14T21:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:26.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0258
Vulnerability from cvelistv5
Published
2014-01-15 02:00
Modified
2024-08-06 09:13
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029599 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1029598 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:09.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"name": "1029598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"name": "MS14-001",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1029599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"name": "1029598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"name": "MS14-001",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029599"
},
{
"name": "1029598",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029598"
},
{
"name": "MS14-001",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-0258",
"datePublished": "2014-01-15T02:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:13:09.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0812
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-17 03:03
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102463 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "102463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102463"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "102463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102463"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "102463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102463"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0812",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T03:03:12.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8631
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-16 23:32
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/100751 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "100751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631"
},
{
"name": "1039315",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100751"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631"
},
{
"name": "1039315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8631",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-16T23:32:04.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1027
Vulnerability from cvelistv5
Published
2018-04-12 01:00
Modified
2024-08-05 03:44
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040652 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103616 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Excel |
Version: 2007 Service Pack 3 Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:11.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040652",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040652"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027"
},
{
"name": "103616",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103616"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
}
],
"datePublic": "2018-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040652",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040652"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027"
},
{
"name": "103616",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103616"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-1027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040652",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040652"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027"
},
{
"name": "103616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103616"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-1027",
"datePublished": "2018-04-12T01:00:00",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-08-05T03:44:11.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1886
Vulnerability from cvelistv5
Published
2012-11-14 00:00
Modified
2024-08-06 19:17
Severity ?
EPSS score ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/56426 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA12-318A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1027752 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15927 | vdb-entry, signature, x_refsource_OVAL | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78073 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:26.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56426"
},
{
"name": "MS12-076",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name": "TA12-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name": "1027752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027752"
},
{
"name": "oval:org.mitre.oval:def:15927",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15927"
},
{
"name": "microsoft-excel-code-exec(78073)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "56426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56426"
},
{
"name": "MS12-076",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name": "TA12-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name": "1027752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027752"
},
{
"name": "oval:org.mitre.oval:def:15927",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15927"
},
{
"name": "microsoft-excel-code-exec(78073)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-1886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56426"
},
{
"name": "MS12-076",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name": "TA12-318A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name": "1027752",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027752"
},
{
"name": "oval:org.mitre.oval:def:15927",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15927"
},
{
"name": "microsoft-excel-code-exec(78073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-1886",
"datePublished": "2012-11-14T00:00:00",
"dateReserved": "2012-03-22T00:00:00",
"dateUpdated": "2024-08-06T19:17:26.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3852
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18635 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18635",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18635"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18635",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18635"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18635",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18635"
},
{
"name": "MS13-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3852",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1651
Vulnerability from cvelistv5
Published
2015-04-14 20:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032104 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:47:17.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "MS15-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "MS15-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032104",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032104"
},
{
"name": "MS15-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-1651",
"datePublished": "2015-04-14T20:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:47:17.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6092
Vulnerability from cvelistv5
Published
2015-11-11 11:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034122 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:12.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-6092",
"datePublished": "2015-11-11T11:00:00",
"dateReserved": "2015-08-14T00:00:00",
"dateUpdated": "2024-08-06T07:15:12.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8742
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 01:31
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039323 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100741 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:21.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039323",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039323"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742"
},
{
"name": "100741",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka \"PowerPoint Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8743."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039323",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039323"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742"
},
{
"name": "100741",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka \"PowerPoint Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8743."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039323",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039323"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742"
},
{
"name": "100741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8742",
"datePublished": "2017-09-13T01:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-17T01:31:58.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7265
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94721 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94721",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94721"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94721",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94721"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94721"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7265",
"datePublished": "2016-12-20T05:54:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0563
Vulnerability from cvelistv5
Published
2009-06-10 17:37
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/35188 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/54959 | vdb-entry, x_refsource_OSVDB | |
| http://www.zerodayinitiative.com/advisories/ZDI-09-035 | x_refsource_MISC | |
| http://www.us-cert.gov/cas/techalerts/TA09-160A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1022356 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027 | vendor-advisory, x_refsource_MS | |
| http://www.vupen.com/english/advisories/2009/1546 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/504204/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6133",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133"
},
{
"name": "35188",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35188"
},
{
"name": "54959",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54959"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-035"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "1022356",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022356"
},
{
"name": "MS09-027",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
},
{
"name": "ADV-2009-1546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1546"
},
{
"name": "20090610 ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504204/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka \"Word Buffer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6133",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133"
},
{
"name": "35188",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35188"
},
{
"name": "54959",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54959"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-035"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "1022356",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022356"
},
{
"name": "MS09-027",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
},
{
"name": "ADV-2009-1546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1546"
},
{
"name": "20090610 ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504204/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka \"Word Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6133",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133"
},
{
"name": "35188",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35188"
},
{
"name": "54959",
"refsource": "OSVDB",
"url": "http://osvdb.org/54959"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-035",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-035"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "1022356",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022356"
},
{
"name": "MS09-027",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
},
{
"name": "ADV-2009-1546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1546"
},
{
"name": "20090610 ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504204/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0563",
"datePublished": "2009-06-10T17:37:00",
"dateReserved": "2009-02-12T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3890
Vulnerability from cvelistv5
Published
2013-10-09 14:44
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/ncas/alerts/TA13-288A | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18926 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA13-288A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"name": "MS13-085",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085"
},
{
"name": "oval:org.mitre.oval:def:18926",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Excel Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA13-288A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"name": "MS13-085",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085"
},
{
"name": "oval:org.mitre.oval:def:18926",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18926"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Excel Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA13-288A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"name": "MS13-085",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085"
},
{
"name": "oval:org.mitre.oval:def:18926",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18926"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3890",
"datePublished": "2013-10-09T14:44:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0258
Vulnerability from cvelistv5
Published
2010-03-10 22:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859 | third-party-advisory, x_refsource_IDEFENSE | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-068A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1023698 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100309 Microsoft Excel Sheet Object Type Confusion Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859"
},
{
"name": "oval:org.mitre.oval:def:8545",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545"
},
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka \"Microsoft Office Excel Sheet Object Type Confusion Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20100309 Microsoft Excel Sheet Object Type Confusion Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859"
},
{
"name": "oval:org.mitre.oval:def:8545",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545"
},
{
"name": "MS10-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka \"Microsoft Office Excel Sheet Object Type Confusion Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100309 Microsoft Excel Sheet Object Type Confusion Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859"
},
{
"name": "oval:org.mitre.oval:def:8545",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545"
},
{
"name": "MS10-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0258",
"datePublished": "2010-03-10T22:00:00",
"dateReserved": "2010-01-07T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8597
Vulnerability from cvelistv5
Published
2018-12-12 00:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106100 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office |
Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2016 for Mac Version: 2019 for 32-bit editions Version: 2019 for 64-bit editions Version: 2019 for Mac Version: Compatibility Pack Service Pack 3 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597"
},
{
"name": "106100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2019 for Mac"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "365 ProPlus for 32-bit Systems"
},
{
"status": "affected",
"version": "365 ProPlus for 64-bit Systems"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597"
},
{
"name": "106100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597"
},
{
"name": "106100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8597",
"datePublished": "2018-12-12T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T07:02:25.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8628
Vulnerability from cvelistv5
Published
2018-12-12 00:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106104 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office |
Version: 2016 for Mac Version: 2019 for 32-bit editions Version: 2019 for 64-bit editions Version: 2019 for Mac Version: Compatibility Pack Service Pack 3 Version: Web Apps 2010 Service Pack 2 Version: Web Apps 2013 Service Pack 1 |
||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
},
{
"name": "106104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106104"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2019 for Mac"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
},
{
"status": "affected",
"version": "Web Apps 2010 Service Pack 2"
},
{
"status": "affected",
"version": "Web Apps 2013 Service Pack 1"
}
]
},
{
"product": "Microsoft PowerPoint",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
}
]
},
{
"product": "Microsoft SharePoint",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Enterprise Server 2016"
}
]
},
{
"product": "Microsoft PowerPoint Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft PowerPoint Viewer"
}
]
},
{
"product": "Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "365 ProPlus for 32-bit Systems"
},
{
"status": "affected",
"version": "365 ProPlus for 64-bit Systems"
}
]
},
{
"product": "Office Online Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Office Online Server"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
},
{
"status": "affected",
"version": "2019"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
},
{
"name": "106104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106104"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
},
{
"version_value": "Web Apps 2010 Service Pack 2"
},
{
"version_value": "Web Apps 2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft PowerPoint",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
},
{
"product_name": "Microsoft SharePoint",
"version": {
"version_data": [
{
"version_value": "Enterprise Server 2016"
}
]
}
},
{
"product_name": "Microsoft PowerPoint Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft PowerPoint Viewer"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
},
{
"product_name": "Office Online Server",
"version": {
"version_data": [
{
"version_value": "Office Online Server"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
},
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
},
{
"name": "106104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106104"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8628",
"datePublished": "2018-12-12T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T07:02:25.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2378
Vulnerability from cvelistv5
Published
2015-07-14 21:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Microsoft Excel DLL Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032899 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka \"Microsoft Excel DLL Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka \"Microsoft Excel DLL Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032899",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2378",
"datePublished": "2015-07-14T21:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3413
Vulnerability from cvelistv5
Published
2011-12-14 00:00
Modified
2024-08-06 23:29
Severity ?
EPSS score ?
Summary
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA11-347A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:14581",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581"
},
{
"name": "TA11-347A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
},
{
"name": "MS11-094",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka \"OfficeArt Shape RCE Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:14581",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581"
},
{
"name": "TA11-347A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
},
{
"name": "MS11-094",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-3413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka \"OfficeArt Shape RCE Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14581",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581"
},
{
"name": "TA11-347A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
},
{
"name": "MS11-094",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-3413",
"datePublished": "2011-12-14T00:00:00",
"dateReserved": "2011-09-09T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8427
Vulnerability from cvelistv5
Published
2018-10-10 13:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041823 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/105453 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office |
Version: 2016 for Mac Version: 2019 for 32-bit editions Version: 2019 for 64-bit editions Version: Compatibility Pack Service Pack 3 |
||||||||||||||||||||
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"name": "105453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Office Word Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Office Word Viewer"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
},
{
"product": "Microsoft PowerPoint Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007"
}
]
},
{
"product": "Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "365 ProPlus for 32-bit Systems"
},
{
"status": "affected",
"version": "365 ProPlus for 64-bit Systems"
}
]
},
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
}
],
"datePublic": "2018-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1041823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"name": "105453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Office Word Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft Office Word Viewer"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft PowerPoint Viewer",
"version": {
"version_data": [
{
"version_value": "2007"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
},
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041823"
},
{
"name": "105453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105453"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8427",
"datePublished": "2018-10-10T13:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7231
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93996 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93996"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "93996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93996"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93996"
},
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7231",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0063
Vulnerability from cvelistv5
Published
2015-02-11 02:00
Modified
2024-08-06 03:55
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/62808 | third-party-advisory, x_refsource_SECUNIA | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012 | vendor-advisory, x_refsource_MS | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100439 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id/1031720 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/72460 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:27.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62808"
},
{
"name": "MS15-012",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
},
{
"name": "ms-excel-cve20150063-code-exec(100439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
},
{
"name": "1031720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031720"
},
{
"name": "72460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "62808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62808"
},
{
"name": "MS15-012",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
},
{
"name": "ms-excel-cve20150063-code-exec(100439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
},
{
"name": "1031720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031720"
},
{
"name": "72460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-0063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62808"
},
{
"name": "MS15-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
},
{
"name": "ms-excel-cve20150063-code-exec(100439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
},
{
"name": "1031720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031720"
},
{
"name": "72460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-0063",
"datePublished": "2015-02-11T02:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T03:55:27.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0027
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:47
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038010 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/96043 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Office |
Version: Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027"
},
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "96043",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027"
},
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "96043",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027"
},
{
"name": "1038010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "96043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0027",
"datePublished": "2017-03-17T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7262
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94660 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94660"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94660"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94660"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7262",
"datePublished": "2016-12-20T05:54:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3006
Vulnerability from cvelistv5
Published
2008-08-12 23:00
Modified
2024-08-07 09:21
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA08-225A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name": "30640",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30640"
},
{
"name": "HPSBST02360",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "20080812 ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495428/100/0/threaded"
},
{
"name": "1020672",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020672"
},
{
"name": "SSRT080117",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "MS08-043",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043"
},
{
"name": "31455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31455"
},
{
"name": "31454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31454"
},
{
"name": "oval:org.mitre.oval:def:5561",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5561"
},
{
"name": "ADV-2008-2347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-048/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the \"Excel Record Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA08-225A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name": "30640",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30640"
},
{
"name": "HPSBST02360",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "20080812 ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495428/100/0/threaded"
},
{
"name": "1020672",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020672"
},
{
"name": "SSRT080117",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "MS08-043",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043"
},
{
"name": "31455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31455"
},
{
"name": "31454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31454"
},
{
"name": "oval:org.mitre.oval:def:5561",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5561"
},
{
"name": "ADV-2008-2347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-048/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the \"Excel Record Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA08-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name": "30640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30640"
},
{
"name": "HPSBST02360",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "20080812 ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495428/100/0/threaded"
},
{
"name": "1020672",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020672"
},
{
"name": "SSRT080117",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "MS08-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043"
},
{
"name": "31455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31455"
},
{
"name": "31454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31454"
},
{
"name": "oval:org.mitre.oval:def:5561",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5561"
},
{
"name": "ADV-2008-2347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2347"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-048/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-048/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3006",
"datePublished": "2008-08-12T23:00:00",
"dateReserved": "2008-07-07T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8246
Vulnerability from cvelistv5
Published
2018-06-14 12:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1041109 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/104322 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246"
},
{
"name": "1041109",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041109"
},
{
"name": "104322",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246"
},
{
"name": "1041109",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041109"
},
{
"name": "104322",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246"
},
{
"name": "1041109",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041109"
},
{
"name": "104322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8246",
"datePublished": "2018-06-14T12:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:46:13.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1987
Vulnerability from cvelistv5
Published
2011-09-15 10:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:12953",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953"
},
{
"name": "MS11-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Out of Bounds Array Indexing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:12953",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953"
},
{
"name": "MS11-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Out of Bounds Array Indexing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12953",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953"
},
{
"name": "MS11-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"name": "TA11-256A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-1987",
"datePublished": "2011-09-15T10:00:00",
"dateReserved": "2011-05-09T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0801
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-17 02:06
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102348 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801"
},
{
"name": "102348",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102348"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801"
},
{
"name": "102348",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102348"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801"
},
{
"name": "102348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102348"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0801",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T02:06:08.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0806
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102460 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "102460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "102460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "102460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0806",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T03:13:52.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3855
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18065 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18065",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18065"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18065",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18065"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18065",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18065"
},
{
"name": "MS13-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3855",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0979
Vulnerability from cvelistv5
Published
2011-02-10 18:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA11-102A.html | third-party-advisory, x_refsource_CERT | |
| http://secunia.com/advisories/39122 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/43231 | third-party-advisory, x_refsource_SECUNIA | |
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft | x_refsource_MISC | |
| http://zerodayinitiative.com/advisories/ZDI-11-041/ | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12595 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/id?1025337 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | vendor-advisory, x_refsource_MS | |
| http://osvdb.org/70904 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2011/0940 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39122"
},
{
"name": "43231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43231"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-041/"
},
{
"name": "oval:org.mitre.oval:def:12595",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12595"
},
{
"name": "1025337",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "MS11-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "70904",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70904"
},
{
"name": "ADV-2011-0940",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a \"stray reference,\" aka \"Excel Linked List Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39122"
},
{
"name": "43231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43231"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-041/"
},
{
"name": "oval:org.mitre.oval:def:12595",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12595"
},
{
"name": "1025337",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "MS11-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "70904",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70904"
},
{
"name": "ADV-2011-0940",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a \"stray reference,\" aka \"Excel Linked List Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39122"
},
{
"name": "43231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43231"
},
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-041/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-041/"
},
{
"name": "oval:org.mitre.oval:def:12595",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12595"
},
{
"name": "1025337",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "MS11-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "70904",
"refsource": "OSVDB",
"url": "http://osvdb.org/70904"
},
{
"name": "ADV-2011-0940",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0979",
"datePublished": "2011-02-10T18:00:00",
"dateReserved": "2011-02-10T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2778
Vulnerability from cvelistv5
Published
2014-06-11 01:00
Modified
2024-08-06 10:21
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka "Embedded Font Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/67896 | vdb-entry, x_refsource_BID | |
| http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx | x_refsource_CONFIRM | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-034 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/58551 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id/1030383 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:36.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67896",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67896"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx"
},
{
"name": "MS14-034",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-034"
},
{
"name": "58551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58551"
},
{
"name": "1030383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka \"Embedded Font Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "67896",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67896"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx"
},
{
"name": "MS14-034",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-034"
},
{
"name": "58551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58551"
},
{
"name": "1030383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka \"Embedded Font Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67896"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx"
},
{
"name": "MS14-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-034"
},
{
"name": "58551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58551"
},
{
"name": "1030383",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-2778",
"datePublished": "2014-06-11T01:00:00",
"dateReserved": "2014-04-10T00:00:00",
"dateUpdated": "2024-08-06T10:21:36.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0655
Vulnerability from cvelistv5
Published
2011-04-13 18:00
Modified
2024-08-06 21:58
Severity ?
EPSS score ?
Summary
Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Floating Point Techno-color Time Bandit RCE Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA11-102A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1025340 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.vupen.com/english/advisories/2011/0941 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS11-022",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "1025340",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025340"
},
{
"name": "oval:org.mitre.oval:def:12624",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624"
},
{
"name": "ADV-2011-0941",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0941"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka \"Floating Point Techno-color Time Bandit RCE Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS11-022",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "1025340",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025340"
},
{
"name": "oval:org.mitre.oval:def:12624",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624"
},
{
"name": "ADV-2011-0941",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0941"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka \"Floating Point Techno-color Time Bandit RCE Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "1025340",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025340"
},
{
"name": "oval:org.mitre.oval:def:12624",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624"
},
{
"name": "ADV-2011-0941",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0941"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-0655",
"datePublished": "2011-04-13T18:00:00",
"dateReserved": "2011-01-28T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0185
Vulnerability from cvelistv5
Published
2012-05-09 00:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1027041 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738 | vdb-entry, signature, x_refsource_OVAL | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75118 | vdb-entry, x_refsource_XF | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/49112 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.us-cert.gov/cas/techalerts/TA12-129A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "oval:org.mitre.oval:def:14738",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738"
},
{
"name": "ms-excel-mergecells-bo(75118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75118"
},
{
"name": "MS12-030",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka \"Excel MergeCells Record Heap Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1027041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "oval:org.mitre.oval:def:14738",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738"
},
{
"name": "ms-excel-mergecells-bo(75118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75118"
},
{
"name": "MS12-030",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-0185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka \"Excel MergeCells Record Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "oval:org.mitre.oval:def:14738",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738"
},
{
"name": "ms-excel-mergecells-bo(75118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75118"
},
{
"name": "MS12-030",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-0185",
"datePublished": "2012-05-09T00:00:00",
"dateReserved": "2011-12-13T00:00:00",
"dateUpdated": "2024-08-06T18:16:19.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3848
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18281",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "oval:org.mitre.oval:def:18800",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18281",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "oval:org.mitre.oval:def:18800",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18281",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281"
},
{
"name": "MS13-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "oval:org.mitre.oval:def:18800",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3848",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7264
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/94769 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94769"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94769"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7264",
"datePublished": "2016-12-20T05:54:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0105
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038010 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96746 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Office |
Version: Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:18.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105"
},
{
"name": "96746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96746"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105"
},
{
"name": "96746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96746"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105"
},
{
"name": "96746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96746"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0105",
"datePublished": "2017-03-17T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:18.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1847
Vulnerability from cvelistv5
Published
2012-05-09 00:00
Modified
2024-08-06 19:08
Severity ?
EPSS score ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/id?1027041 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/53379 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/49112 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.us-cert.gov/cas/techalerts/TA12-129A.html | third-party-advisory, x_refsource_CERT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75119 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:08:38.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:15575",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575"
},
{
"name": "1027041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "53379",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53379"
},
{
"name": "MS12-030",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "ms-excel-series-code-execution(75119)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:15575",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575"
},
{
"name": "1027041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "53379",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53379"
},
{
"name": "MS12-030",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "ms-excel-series-code-execution(75119)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-1847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15575",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575"
},
{
"name": "1027041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "53379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53379"
},
{
"name": "MS12-030",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "ms-excel-series-code-execution(75119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-1847",
"datePublished": "2012-05-09T00:00:00",
"dateReserved": "2012-03-22T00:00:00",
"dateUpdated": "2024-08-06T19:08:38.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3232
Vulnerability from cvelistv5
Published
2010-10-13 18:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-285A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7575",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575"
},
{
"name": "MS10-080",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"name": "TA10-285A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Excel File Format Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7575",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575"
},
{
"name": "MS10-080",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"name": "TA10-285A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Excel File Format Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7575",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575"
},
{
"name": "MS10-080",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-3232",
"datePublished": "2010-10-13T18:00:00",
"dateReserved": "2010-09-03T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1269
Vulnerability from cvelistv5
Published
2011-05-13 17:00
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12438 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS11-036",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036"
},
{
"name": "oval:org.mitre.oval:def:12438",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka \"Presentation Memory Corruption RCE Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS11-036",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036"
},
{
"name": "oval:org.mitre.oval:def:12438",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka \"Presentation Memory Corruption RCE Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-036",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036"
},
{
"name": "oval:org.mitre.oval:def:12438",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-1269",
"datePublished": "2011-05-13T17:00:00",
"dateReserved": "2011-03-04T00:00:00",
"dateUpdated": "2024-08-06T22:21:34.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3849
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "oval:org.mitre.oval:def:19100",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100"
},
{
"name": "oval:org.mitre.oval:def:18774",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "oval:org.mitre.oval:def:19100",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100"
},
{
"name": "oval:org.mitre.oval:def:18774",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "oval:org.mitre.oval:def:19100",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100"
},
{
"name": "oval:org.mitre.oval:def:18774",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774"
},
{
"name": "MS13-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3849",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1273
Vulnerability from cvelistv5
Published
2011-06-16 20:21
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Improper Record Parsing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/72921 | vdb-entry, x_refsource_OSVDB | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12354 | vdb-entry, signature, x_refsource_OVAL | |
| http://secunia.com/advisories/44931/ | third-party-advisory, x_refsource_SECUNIA | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:33.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "72921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/72921"
},
{
"name": "oval:org.mitre.oval:def:12354",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12354"
},
{
"name": "44931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44931/"
},
{
"name": "MS11-045",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Improper Record Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "72921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/72921"
},
{
"name": "oval:org.mitre.oval:def:12354",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12354"
},
{
"name": "44931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44931/"
},
{
"name": "MS11-045",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Improper Record Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72921",
"refsource": "OSVDB",
"url": "http://osvdb.org/72921"
},
{
"name": "oval:org.mitre.oval:def:12354",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12354"
},
{
"name": "44931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44931/"
},
{
"name": "MS11-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-1273",
"datePublished": "2011-06-16T20:21:00",
"dateReserved": "2011-03-04T00:00:00",
"dateUpdated": "2024-08-06T22:21:33.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2415
Vulnerability from cvelistv5
Published
2015-07-14 21:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032899 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032899",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2415",
"datePublished": "2015-07-14T21:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0122
Vulnerability from cvelistv5
Published
2016-04-12 23:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1035525 | vdb-entry, x_refsource_SECTRACK | |
| https://www.exploit-db.com/exploits/39694/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name": "1035525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035525"
},
{
"name": "39694",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39694/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name": "1035525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035525"
},
{
"name": "39694",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39694/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name": "1035525",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035525"
},
{
"name": "39694",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39694/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0122",
"datePublished": "2016-04-12T23:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:13.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8375
Vulnerability from cvelistv5
Published
2018-08-15 17:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104989 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041463 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Excel Viewer |
Version: 2007 Service Pack 3 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104989",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104989"
},
{
"name": "1041463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041463"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 64-bit editions"
}
]
}
],
"datePublic": "2018-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "104989",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104989"
},
{
"name": "1041463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041463"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104989"
},
{
"name": "1041463",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041463"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8375",
"datePublished": "2018-08-15T17:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8378
Vulnerability from cvelistv5
Published
2018-08-15 17:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104996 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Word |
Version: Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 |
||||||||||||||||||||
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104996"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Word",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft Office Word Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Office Word Viewer"
}
]
},
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
},
{
"product": "Microsoft SharePoint",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Enterprise Server 2013 Service Pack 1"
},
{
"status": "affected",
"version": "Enterprise Server 2016"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"status": "affected",
"version": "Web Apps 2010 Service Pack 2"
},
{
"status": "affected",
"version": "Web Apps 2013 Service Pack 1"
}
]
}
],
"datePublic": "2018-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Office Information Disclosure Vulnerability.\" This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "104996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104996"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Word",
"version": {
"version_data": [
{
"version_value": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft Office Word Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft Office Word Viewer"
}
]
}
},
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft SharePoint",
"version": {
"version_data": [
{
"version_value": "Enterprise Server 2013 Service Pack 1"
},
{
"version_value": "Enterprise Server 2016"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"version_value": "Web Apps 2010 Service Pack 2"
},
{
"version_value": "Web Apps 2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Office Information Disclosure Vulnerability.\" This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104996"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8378",
"datePublished": "2018-08-15T17:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8577
Vulnerability from cvelistv5
Published
2018-11-14 01:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105834 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1042134 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8577 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office |
Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) Version: 2016 for Mac Version: 2019 for 32-bit editions Version: 2019 for 64-bit editions Version: 2019 for Mac Version: Compatibility Pack Service Pack 3 Version: Web Apps Server 2013 Service Pack 1 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105834",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105834"
},
{
"name": "1042134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042134"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2019 for Mac"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
},
{
"status": "affected",
"version": "Web Apps Server 2013 Service Pack 1"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
}
]
},
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
},
{
"product": "Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
},
{
"product": "Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "365 ProPlus for 32-bit Systems"
},
{
"status": "affected",
"version": "365 ProPlus for 64-bit Systems"
}
]
}
],
"datePublic": "2018-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T10:57:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "105834",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105834"
},
{
"name": "1042134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042134"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
},
{
"version_value": "Web Apps Server 2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
},
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
},
{
"product_name": "Excel",
"version": {
"version_data": [
{
"version_value": "Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105834"
},
{
"name": "1042134",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042134"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8577",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8577",
"datePublished": "2018-11-14T01:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T07:02:25.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0950
Vulnerability from cvelistv5
Published
2018-04-12 01:00
Modified
2024-08-05 03:44
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103642 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040654 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Word |
Version: 2007 Service Pack 3 Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:11.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950"
},
{
"name": "103642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103642"
},
{
"name": "1040654",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Word",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
}
],
"datePublic": "2018-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka \"Microsoft Office Information Disclosure Vulnerability.\" This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950"
},
{
"name": "103642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103642"
},
{
"name": "1040654",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-0950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Word",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka \"Microsoft Office Information Disclosure Vulnerability.\" This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950"
},
{
"name": "103642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103642"
},
{
"name": "1040654",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0950",
"datePublished": "2018-04-12T01:00:00",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-08-05T03:44:11.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0052
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038010 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96741 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Office |
Version: Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:17.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052"
},
{
"name": "96741",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052"
},
{
"name": "96741",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052"
},
{
"name": "96741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0052",
"datePublished": "2017-03-17T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:17.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3851
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18246 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18246",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18246"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18246",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18246"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18246",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18246"
},
{
"name": "MS13-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3851",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0198
Vulnerability from cvelistv5
Published
2016-05-11 01:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/89962 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1035819 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "89962",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89962"
},
{
"name": "MS16-054",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054"
},
{
"name": "1035819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035819"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "89962",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89962"
},
{
"name": "MS16-054",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054"
},
{
"name": "1035819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035819"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "89962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89962"
},
{
"name": "MS16-054",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054"
},
{
"name": "1035819",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035819"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0198",
"datePublished": "2016-05-11T01:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:13.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8501
Vulnerability from cvelistv5
Published
2017-07-11 21:00
Modified
2024-09-16 23:31
Severity ?
EPSS score ?
Summary
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038851 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/99441 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:23.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038851",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038851"
},
{
"name": "99441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office 2007 SP3, Microsoft Excel Viewer 2007 SP3, Microsoft Office 2010 SP2, Excel Services on Microsoft SharePoint Server 2010 SP1, Microsoft Office for Mac 2011, Microsoft Excel 2013 SP1, Microsoft Excel 2013 RT SP1, Microsoft SharePoint Enterprise Server 2013, Microsoft Excel 2016, Microsoft Office 2016 for Mac, Microsoft Office Online Server 2016, and Microsoft Office Compatibility Pack SP3.",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-12T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038851",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038851"
},
{
"name": "99441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office 2007 SP3, Microsoft Excel Viewer 2007 SP3, Microsoft Office 2010 SP2, Excel Services on Microsoft SharePoint Server 2010 SP1, Microsoft Office for Mac 2011, Microsoft Excel 2013 SP1, Microsoft Excel 2013 RT SP1, Microsoft SharePoint Enterprise Server 2013, Microsoft Excel 2016, Microsoft Office 2016 for Mac, Microsoft Office Online Server 2016, and Microsoft Office Compatibility Pack SP3.",
"version": {
"version_data": [
{
"version_value": "Microsoft Office"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038851",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038851"
},
{
"name": "99441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99441"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8501",
"datePublished": "2017-07-11T21:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-16T23:31:06.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11854
Vulnerability from cvelistv5
Published
2017-11-15 03:00
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039795 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101746 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039795"
},
{
"name": "101746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101746"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Word Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039795"
},
{
"name": "101746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101746"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Word Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039795",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039795"
},
{
"name": "101746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101746"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11854",
"datePublished": "2017-11-15T03:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-16T17:33:33.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0142
Vulnerability from cvelistv5
Published
2012-05-09 00:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1027041 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/53373 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/49112 | third-party-advisory, x_refsource_SECUNIA | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA12-129A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:18.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "53373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53373"
},
{
"name": "MS12-030",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49112"
},
{
"name": "oval:org.mitre.oval:def:15543",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1027041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "53373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53373"
},
{
"name": "MS12-030",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49112"
},
{
"name": "oval:org.mitre.oval:def:15543",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543"
},
{
"name": "TA12-129A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-0142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "53373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53373"
},
{
"name": "MS12-030",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49112"
},
{
"name": "oval:org.mitre.oval:def:15543",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-0142",
"datePublished": "2012-05-09T00:00:00",
"dateReserved": "2011-12-13T00:00:00",
"dateUpdated": "2024-08-06T18:16:18.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4117
Vulnerability from cvelistv5
Published
2014-10-15 10:00
Modified
2024-08-06 11:04
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/70360 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/60973 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70360"
},
{
"name": "MS14-061",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061"
},
{
"name": "60973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka \"Microsoft Word File Format Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "70360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70360"
},
{
"name": "MS14-061",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061"
},
{
"name": "60973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka \"Microsoft Word File Format Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70360"
},
{
"name": "MS14-061",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061"
},
{
"name": "60973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-4117",
"datePublished": "2014-10-15T10:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:28.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2558
Vulnerability from cvelistv5
Published
2015-10-14 01:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | vendor-advisory, x_refsource_MS | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-516 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1033803 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS15-110",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-516"
},
{
"name": "1033803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS15-110",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-516"
},
{
"name": "1033803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-110",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-516",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-516"
},
{
"name": "1033803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2558",
"datePublished": "2015-10-14T01:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1315
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:04.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18950",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950"
},
{
"name": "MS13-073",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073"
},
{
"name": "oval:org.mitre.oval:def:18333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333"
},
{
"name": "oval:org.mitre.oval:def:18543",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18950",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950"
},
{
"name": "MS13-073",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073"
},
{
"name": "oval:org.mitre.oval:def:18333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333"
},
{
"name": "oval:org.mitre.oval:def:18543",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-1315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18950",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950"
},
{
"name": "MS13-073",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073"
},
{
"name": "oval:org.mitre.oval:def:18333",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333"
},
{
"name": "oval:org.mitre.oval:def:18543",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543"
},
{
"name": "MS13-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-1315",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-01-12T00:00:00",
"dateUpdated": "2024-08-06T14:57:04.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3892
Vulnerability from cvelistv5
Published
2013-10-09 14:44
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-288A | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18953 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS13-086",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086"
},
{
"name": "TA13-288A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"name": "oval:org.mitre.oval:def:18953",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18953"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS13-086",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086"
},
{
"name": "TA13-288A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"name": "oval:org.mitre.oval:def:18953",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18953"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-086",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086"
},
{
"name": "TA13-288A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"name": "oval:org.mitre.oval:def:18953",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18953"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3892",
"datePublished": "2013-10-09T14:44:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3363
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3381.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://medium.com/%40steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff | x_refsource_MISC | |
| http://www.securityfocus.com/bid/92801 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff"
},
{
"name": "92801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92801"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3381."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff"
},
{
"name": "92801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92801"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3381."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "https://medium.com/@steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff",
"refsource": "MISC",
"url": "https://medium.com/@steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff"
},
{
"name": "92801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92801"
},
{
"name": "MS16-107",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3363",
"datePublished": "2016-09-14T10:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8382
Vulnerability from cvelistv5
Published
2018-08-15 17:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105000 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041463 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Excel Viewer |
Version: 2007 Service Pack 3 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105000",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105000"
},
{
"name": "1041463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041463"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 64-bit editions"
}
]
}
],
"datePublic": "2018-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "105000",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105000"
},
{
"name": "1041463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041463"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105000"
},
{
"name": "1041463",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041463"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8382",
"datePublished": "2018-08-15T17:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11826
Vulnerability from cvelistv5
Published
2017-10-13 13:00
Modified
2024-09-16 16:32
Severity ?
EPSS score ?
Summary
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826 | x_refsource_CONFIRM | |
| https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/101219 | vdb-entry, x_refsource_BID | |
| https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/ | x_refsource_MISC | |
| http://www.securitytracker.com/id/1039541 | vdb-entry, x_refsource_SECTRACK | |
| https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html"
},
{
"name": "101219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/"
},
{
"name": "1039541",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039541"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server."
}
]
}
],
"datePublic": "2017-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-11T23:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html"
},
{
"name": "101219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/"
},
{
"name": "1039541",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039541"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826"
},
{
"name": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html"
},
{
"name": "101219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101219"
},
{
"name": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/",
"refsource": "MISC",
"url": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/"
},
{
"name": "1039541",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039541"
},
{
"name": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/",
"refsource": "MISC",
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11826",
"datePublished": "2017-10-13T13:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-16T16:32:32.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2502
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-10-21 16:34
Severity ?
EPSS score ?
Summary
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2009-2502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T16:41:52.863250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:34:33.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2502",
"datePublished": "2009-10-14T10:00:00",
"dateReserved": "2009-07-17T00:00:00",
"dateUpdated": "2024-10-21T16:34:33.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0127
Vulnerability from cvelistv5
Published
2016-04-12 23:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1035525 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1035524 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name": "1035525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035525"
},
{
"name": "1035524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name": "1035525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035525"
},
{
"name": "1035524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name": "1035525",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035525"
},
{
"name": "1035524",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0127",
"datePublished": "2016-04-12T23:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:13.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4019
Vulnerability from cvelistv5
Published
2008-10-15 00:00
Modified
2024-08-07 10:00
Severity ?
EPSS score ?
Summary
Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45580 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=122479227205998&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securitytracker.com/id?1021044 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2008/2808 | vdb-entry, x_refsource_VUPEN | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 | vendor-advisory, x_refsource_MS | |
| http://marc.info/?l=bugtraq&m=122479227205998&w=2 | vendor-advisory, x_refsource_HP | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA08-288A.html | third-party-advisory, x_refsource_CERT | |
| http://secunia.com/advisories/32211 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/31706 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "excel-rept-code-execution(45580)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45580"
},
{
"name": "SSRT080143",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "1021044",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021044"
},
{
"name": "ADV-2008-2808",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2808"
},
{
"name": "MS08-057",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057"
},
{
"name": "HPSBST02379",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "win-ms08kb956416-update(45581)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581"
},
{
"name": "oval:org.mitre.oval:def:6102",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102"
},
{
"name": "TA08-288A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"name": "32211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32211"
},
{
"name": "31706",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka \"Formula Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "excel-rept-code-execution(45580)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45580"
},
{
"name": "SSRT080143",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "1021044",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021044"
},
{
"name": "ADV-2008-2808",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2808"
},
{
"name": "MS08-057",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057"
},
{
"name": "HPSBST02379",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "win-ms08kb956416-update(45581)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581"
},
{
"name": "oval:org.mitre.oval:def:6102",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102"
},
{
"name": "TA08-288A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"name": "32211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32211"
},
{
"name": "31706",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-4019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka \"Formula Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "excel-rept-code-execution(45580)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45580"
},
{
"name": "SSRT080143",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "1021044",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021044"
},
{
"name": "ADV-2008-2808",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2808"
},
{
"name": "MS08-057",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057"
},
{
"name": "HPSBST02379",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "win-ms08kb956416-update(45581)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581"
},
{
"name": "oval:org.mitre.oval:def:6102",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102"
},
{
"name": "TA08-288A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"name": "32211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32211"
},
{
"name": "31706",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-4019",
"datePublished": "2008-10-15T00:00:00",
"dateReserved": "2008-09-10T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3850
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18753 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "oval:org.mitre.oval:def:18753",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18753"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "oval:org.mitre.oval:def:18753",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18753"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "oval:org.mitre.oval:def:18753",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18753"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3850",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0922
Vulnerability from cvelistv5
Published
2018-03-14 17:00
Modified
2024-09-16 22:15
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/103314 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040511 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:11.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103314",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103314"
},
{
"name": "1040511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040511"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016"
}
]
}
],
"datePublic": "2018-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "103314",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103314"
},
{
"name": "1040511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040511"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103314"
},
{
"name": "1040511",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040511"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0922",
"datePublished": "2018-03-14T17:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T22:15:01.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3858
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18801",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801"
},
{
"name": "oval:org.mitre.oval:def:18709",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18801",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801"
},
{
"name": "oval:org.mitre.oval:def:18709",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709"
},
{
"name": "MS13-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18801",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801"
},
{
"name": "oval:org.mitre.oval:def:18709",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709"
},
{
"name": "MS13-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"name": "MS13-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3858",
"datePublished": "2013-09-11T10:00:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2504
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
EPSS score ?
Summary
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6282",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6282",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6282",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
},
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2504",
"datePublished": "2009-10-14T10:00:00",
"dateReserved": "2009-07-17T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0086
Vulnerability from cvelistv5
Published
2015-03-11 10:00
Modified
2024-08-06 03:55
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, and Web Apps Server 2013 Gold and SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1031896 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:27.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031896",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031896"
},
{
"name": "MS15-022",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, and Web Apps Server 2013 Gold and SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1031896",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031896"
},
{
"name": "MS15-022",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-0086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, and Web Apps Server 2013 Gold and SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031896",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031896"
},
{
"name": "MS15-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-0086",
"datePublished": "2015-03-11T10:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T03:55:27.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0054
Vulnerability from cvelistv5
Published
2016-02-10 11:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034976 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:12.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0054",
"datePublished": "2016-02-10T11:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:12.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0798
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 18:56
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102370 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798 | x_refsource_CONFIRM | |
| https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102370"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-28T21:57:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102370"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102370"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798"
},
{
"name": "https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0798",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T18:56:12.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2377
Vulnerability from cvelistv5
Published
2015-07-14 21:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032899 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032899",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2377",
"datePublished": "2015-07-14T21:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7213
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/93993 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "93993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7213",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7233
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232 | third-party-advisory, x_refsource_IDEFENSE | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94031 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94031",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94031"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
},
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94031",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94031"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
},
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94031"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7233",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1760
Vulnerability from cvelistv5
Published
2015-06-10 01:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032523 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/75015 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:15.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032523"
},
{
"name": "MS15-059",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
},
{
"name": "75015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032523"
},
{
"name": "MS15-059",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
},
{
"name": "75015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032523",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032523"
},
{
"name": "MS15-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
},
{
"name": "75015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-1760",
"datePublished": "2015-06-10T01:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:15.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0797
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 18:17
Severity ?
EPSS score ?
Summary
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102406 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Office |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102406"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102406"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102406"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0797",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T18:17:56.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3889
Vulnerability from cvelistv5
Published
2013-10-09 14:44
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-288A | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:01.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS13-084",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084"
},
{
"name": "TA13-288A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"name": "oval:org.mitre.oval:def:19132",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132"
},
{
"name": "MS13-085",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085"
},
{
"name": "oval:org.mitre.oval:def:18901",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Excel Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS13-084",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084"
},
{
"name": "TA13-288A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"name": "oval:org.mitre.oval:def:19132",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132"
},
{
"name": "MS13-085",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085"
},
{
"name": "oval:org.mitre.oval:def:18901",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Excel Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-084",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084"
},
{
"name": "TA13-288A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"name": "oval:org.mitre.oval:def:19132",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132"
},
{
"name": "MS13-085",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085"
},
{
"name": "oval:org.mitre.oval:def:18901",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2013-3889",
"datePublished": "2013-10-09T14:44:00",
"dateReserved": "2013-06-03T00:00:00",
"dateUpdated": "2024-08-06T16:22:01.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0804
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 17:09
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102457 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102457"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "102457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102457"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102457"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0804",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T17:09:15.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0821
Vulnerability from cvelistv5
Published
2010-06-08 20:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/511729/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 | vendor-advisory, x_refsource_MS | |
| http://www.zerodayinitiative.com/advisories/ZDI-10-104 | x_refsource_MISC | |
| http://www.us-cert.gov/cas/techalerts/TA10-159B.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:39.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100608 ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511729/100/0/threaded"
},
{
"name": "MS10-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-104"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "oval:org.mitre.oval:def:6771",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka \"Excel Record Parsing Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0824 and CVE-2010-1245."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20100608 ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511729/100/0/threaded"
},
{
"name": "MS10-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-104"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "oval:org.mitre.oval:def:6771",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka \"Excel Record Parsing Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0824 and CVE-2010-1245."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100608 ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511729/100/0/threaded"
},
{
"name": "MS10-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-104",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-104"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "oval:org.mitre.oval:def:6771",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0821",
"datePublished": "2010-06-08T20:00:00",
"dateReserved": "2010-03-02T00:00:00",
"dateUpdated": "2024-08-07T00:59:39.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8429
Vulnerability from cvelistv5
Published
2018-09-13 00:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8429 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105219 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041630 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Excel Viewer |
Version: 2007 Service Pack 3 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8429"
},
{
"name": "105219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105219"
},
{
"name": "1041630",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
}
]
}
],
"datePublic": "2018-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8429"
},
{
"name": "105219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105219"
},
{
"name": "1041630",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8429",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8429"
},
{
"name": "105219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105219"
},
{
"name": "1041630",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8429",
"datePublished": "2018-09-13T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3233
Vulnerability from cvelistv5
Published
2016-06-16 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1036093 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:58.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-070",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"name": "1036093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-070",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"name": "1036093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-070",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"name": "1036093",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3233",
"datePublished": "2016-06-16T01:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:58.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0030
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:47
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038010 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96051 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Office |
Version: Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030"
},
{
"name": "96051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038010",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030"
},
{
"name": "96051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030"
},
{
"name": "96051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0030",
"datePublished": "2017-03-17T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2523
Vulnerability from cvelistv5
Published
2015-09-09 00:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033488 | vdb-entry, x_refsource_SECTRACK | |
| https://www.exploit-db.com/exploits/38214/ | exploit, x_refsource_EXPLOIT-DB | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033488"
},
{
"name": "38214",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38214/"
},
{
"name": "MS15-099",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1033488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033488"
},
{
"name": "38214",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38214/"
},
{
"name": "MS15-099",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033488",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033488"
},
{
"name": "38214",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38214/"
},
{
"name": "MS15-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2523",
"datePublished": "2015-09-09T00:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1029
Vulnerability from cvelistv5
Published
2018-04-12 01:00
Modified
2024-08-05 03:44
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/103617 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040652 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Excel Viewer |
Version: 2007 Service Pack 3 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:11.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103617",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103617"
},
{
"name": "1040652",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040652"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"status": "affected",
"version": "2016 Click-to-Run (C2R) for 64-bit editions"
}
]
}
],
"datePublic": "2018-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "103617",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103617"
},
{
"name": "1040652",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040652"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-1029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103617"
},
{
"name": "1040652",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040652"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-1029",
"datePublished": "2018-04-12T01:00:00",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-08-05T03:44:11.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2376
Vulnerability from cvelistv5
Published
2015-07-14 21:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032899 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032899",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"name": "MS15-070",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2376",
"datePublished": "2015-07-14T21:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7268
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94672 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94672",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94672"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-148",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94672",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94672"
},
{
"name": "1037441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94672"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7268",
"datePublished": "2016-12-20T05:54:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3381
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3363.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3363."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3363."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3381",
"datePublished": "2016-09-14T10:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7234
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94020 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK | |
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:46.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94020"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Word Memory Corrpution Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS16-133",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94020"
},
{
"name": "1037246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Word Memory Corrpution Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94020"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"name": "20161108 Microsoft Word Memory Corrpution Code Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-7234",
"datePublished": "2016-11-10T06:16:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:46.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3471
Vulnerability from cvelistv5
Published
2008-10-15 00:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45579 | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-068/ | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=122479227205998&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securitytracker.com/id?1021044 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2008/2808 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/31705 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 | vendor-advisory, x_refsource_MS | |
| http://marc.info/?l=bugtraq&m=122479227205998&w=2 | vendor-advisory, x_refsource_HP | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 | vdb-entry, x_refsource_XF | |
| http://www.us-cert.gov/cas/techalerts/TA08-288A.html | third-party-advisory, x_refsource_CERT | |
| http://secunia.com/advisories/32211 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "excel-file-format-code-execution(45579)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45579"
},
{
"name": "oval:org.mitre.oval:def:5750",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-068/"
},
{
"name": "SSRT080143",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "1021044",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021044"
},
{
"name": "ADV-2008-2808",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2808"
},
{
"name": "31705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31705"
},
{
"name": "MS08-057",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057"
},
{
"name": "HPSBST02379",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "win-ms08kb956416-update(45581)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581"
},
{
"name": "TA08-288A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"name": "32211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka \"File Format Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "excel-file-format-code-execution(45579)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45579"
},
{
"name": "oval:org.mitre.oval:def:5750",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-068/"
},
{
"name": "SSRT080143",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "1021044",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021044"
},
{
"name": "ADV-2008-2808",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2808"
},
{
"name": "31705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31705"
},
{
"name": "MS08-057",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057"
},
{
"name": "HPSBST02379",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "win-ms08kb956416-update(45581)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581"
},
{
"name": "TA08-288A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"name": "32211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka \"File Format Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "excel-file-format-code-execution(45579)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45579"
},
{
"name": "oval:org.mitre.oval:def:5750",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-068/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-068/"
},
{
"name": "SSRT080143",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "1021044",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021044"
},
{
"name": "ADV-2008-2808",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2808"
},
{
"name": "31705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31705"
},
{
"name": "MS08-057",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057"
},
{
"name": "HPSBST02379",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"name": "win-ms08kb956416-update(45581)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581"
},
{
"name": "TA08-288A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"name": "32211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3471",
"datePublished": "2008-10-15T00:00:00",
"dateReserved": "2008-08-04T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8627
Vulnerability from cvelistv5
Published
2018-12-12 00:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106120 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office |
Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2016 for Mac Version: 2019 for 32-bit editions Version: 2019 for 64-bit editions Version: 2019 for Mac Version: Compatibility Pack Service Pack 3 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
},
{
"name": "106120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2019 for Mac"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
}
]
},
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
},
{
"product": "Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
},
{
"product": "Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "365 ProPlus for 32-bit Systems"
},
{
"status": "affected",
"version": "365 ProPlus for 64-bit Systems"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
},
{
"name": "106120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106120"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
},
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
},
{
"product_name": "Excel",
"version": {
"version_data": [
{
"version_value": "Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
},
{
"name": "106120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106120"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8627",
"datePublished": "2018-12-12T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T07:02:25.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0064
Vulnerability from cvelistv5
Published
2015-02-11 02:00
Modified
2024-08-06 03:55
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/72463 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/62808 | third-party-advisory, x_refsource_SECUNIA | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012 | vendor-advisory, x_refsource_MS | |
| https://www.exploit-db.com/exploits/37967/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securitytracker.com/id/1031720 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:27.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "72463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72463"
},
{
"name": "62808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62808"
},
{
"name": "MS15-012",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
},
{
"name": "37967",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37967/"
},
{
"name": "1031720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Office Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "72463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72463"
},
{
"name": "62808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62808"
},
{
"name": "MS15-012",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
},
{
"name": "37967",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37967/"
},
{
"name": "1031720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-0064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Office Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72463"
},
{
"name": "62808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62808"
},
{
"name": "MS15-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
},
{
"name": "37967",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37967/"
},
{
"name": "1031720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-0064",
"datePublished": "2015-02-11T02:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T03:55:27.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0053
Vulnerability from cvelistv5
Published
2016-02-10 11:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034976 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034975 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:12.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name": "1034975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name": "1034975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name": "1034975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0053",
"datePublished": "2016-02-10T11:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:12.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0056
Vulnerability from cvelistv5
Published
2016-02-10 11:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034976 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-0056",
"datePublished": "2016-02-10T11:00:00",
"dateReserved": "2015-12-04T00:00:00",
"dateUpdated": "2024-08-05T22:08:13.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1274
Vulnerability from cvelistv5
Published
2011-06-16 20:21
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds Array Access Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12538 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:12538",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12538"
},
{
"name": "MS11-045",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Out of Bounds Array Access Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:12538",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12538"
},
{
"name": "MS11-045",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Out of Bounds Array Access Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12538",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12538"
},
{
"name": "MS11-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-1274",
"datePublished": "2011-06-16T20:21:00",
"dateReserved": "2011-03-04T00:00:00",
"dateUpdated": "2024-08-06T22:21:34.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0978
Vulnerability from cvelistv5
Published
2011-02-10 18:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA11-102A.html | third-party-advisory, x_refsource_CERT | |
| http://secunia.com/advisories/39122 | third-party-advisory, x_refsource_SECUNIA | |
| http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft | x_refsource_MISC | |
| http://secunia.com/advisories/43232 | third-party-advisory, x_refsource_SECUNIA | |
| http://zerodayinitiative.com/advisories/ZDI-11-042/ | x_refsource_MISC | |
| http://www.securitytracker.com/id?1025337 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | vendor-advisory, x_refsource_MS | |
| http://securityreason.com/securityalert/8231 | third-party-advisory, x_refsource_SREASON | |
| http://www.vupen.com/english/advisories/2011/0940 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:12439",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439"
},
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"name": "43232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43232"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-042/"
},
{
"name": "1025337",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "MS11-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "8231",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8231"
},
{
"name": "ADV-2011-0940",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka \"Excel Array Indexing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:12439",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439"
},
{
"name": "TA11-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"name": "43232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43232"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-042/"
},
{
"name": "1025337",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "MS11-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "8231",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8231"
},
{
"name": "ADV-2011-0940",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka \"Excel Array Indexing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12439",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39122"
},
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"name": "43232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43232"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-042/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-042/"
},
{
"name": "1025337",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "MS11-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "8231",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8231"
},
{
"name": "ADV-2011-0940",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0978",
"datePublished": "2011-02-10T18:00:00",
"dateReserved": "2011-02-10T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3360
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/92796 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:12.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name": "92796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3360",
"datePublished": "2016-09-14T10:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:56:12.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0805
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 16:18
Severity ?
EPSS score ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102459 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Equation Editor |
Version: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "102459",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102459"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Equation Editor",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805"
},
{
"name": "1040153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "102459",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102459"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "102459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102459"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0805",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T16:18:21.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102461 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102461 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este CVE es diferente de CVE-2018-0804, CVE-2018-0805 y CVE-2018-0806."
}
],
"id": "CVE-2018-0807",
"lastModified": "2024-11-21T03:38:59.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.977",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102461"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-11 00:59
Modified
2024-11-21 02:14
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*",
"matchCriteriaId": "3C4CFF7E-7170-4A6B-9A59-9815EE896C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:rt_gold:*:*:*",
"matchCriteriaId": "BC9DB6E0-B1A1-4652-A943-FDB6A6418576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DC2480-5B8D-4E96-BD54-17561B1FFE7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Excel Invalid Pointer Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold y SP1, Excel 2013 RT Gold y SP1, y Office Compatibility Pack permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027Vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remoto de puntero inv\u00e1lido de Excel\u0027."
}
],
"id": "CVE-2014-6361",
"lastModified": "2024-11-21T02:14:14.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-11T00:59:12.330",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-11 03:01
Modified
2024-11-21 02:22
Severity ?
Summary
Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/62808 | Vendor Advisory | |
| secure@microsoft.com | http://www.securityfocus.com/bid/72460 | VDB Entry, Vendor Advisory | |
| secure@microsoft.com | http://www.securitytracker.com/id/1031720 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/100439 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/62808 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72460 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031720 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/100439 | VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "0390EFCA-87B4-42D6-817A-603765F49816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp3:*:*:*:*:*:*",
"matchCriteriaId": "928192DB-8C38-49BE-83E6-E2C601653E2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3; las herramientas de pruebas en Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, y RT; Excel Viewer; y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remoto de Excel.\u0027"
}
],
"id": "CVE-2015-0063",
"lastModified": "2024-11-21T02:22:18.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-11T03:01:06.433",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/62808"
},
{
"source": "secure@microsoft.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/72460"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031720"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
},
{
"source": "secure@microsoft.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/62808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/72460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-11 10:59
Modified
2024-11-21 02:22
Severity ?
Summary
Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1031896 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031896 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps_server | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | powerpoint | 2007 | |
| microsoft | powerpoint | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | web_applications | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*",
"matchCriteriaId": "3C4CFF7E-7170-4A6B-9A59-9815EE896C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "BB0CF266-A7EE-474A-B3D3-4A7FE33F4C2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "DC25ACD6-8F48-4534-AF7B-53F0D10C0843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:*:*:*:gold:*:*:*",
"matchCriteriaId": "F4C9D0D2-4D72-4712-8056-9EDDF741723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:*:*:*:rt_gold:*:*:*",
"matchCriteriaId": "6DF78996-DFB3-4102-9E98-FF2B56FB67B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "84149DF3-54BA-4738-9386-6C29B4E9448F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:gold:*:*:*",
"matchCriteriaId": "8252ABD2-4FC5-4C7F-9A73-625B47EA980B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2E98C5-71A4-4014-AFC4-5438FEC196D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2013:-:-:*:gold:*:*:*",
"matchCriteriaId": "A9626946-8339-4E06-BBF6-904D0ACC5ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F71184B1-7461-4A05-A5D2-03D9EDDC30D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:-:-:*:gold:*:*:*",
"matchCriteriaId": "90DBE271-001E-4783-86F5-E14977F95F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "70F505C4-2D2D-4336-95C0-78644F2C5636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:web_applications:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AC93E283-E88A-41F1-90B6-CD256FF02F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:*:*:*:gold:*:*:*",
"matchCriteriaId": "E625EEC9-52BF-49F9-BD10-CA1E2FF0B227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:*:*:*:rt_gold:*:*:*",
"matchCriteriaId": "004A33A3-2DE6-4DEE-9350-BE0C233F4A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold y SP1, Office 2013 RT Gold y SP1, Word 2013 RT Gold y SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold y SP1, Word Automation Services on SharePoint Server 2013 Gold y SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold y SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold y SP1, y SharePoint Server 2013 Gold y SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento de Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad del uso despu\u00e9s de liberaci\u00f3n de componentes de Microsoft Office.\u0027"
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2015-0085",
"lastModified": "2024-11-21T02:22:20.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-03-11T10:59:12.533",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1031896"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-13 18:55
Modified
2024-11-21 01:24
Severity ?
Summary
Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka "Persist Directory RCE Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://osvdb.org/71770 | ||
| secure@microsoft.com | http://www.securityfocus.com/archive/1/517482/100/0/threaded | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/47251 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1025340 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2011/0941 | Vendor Advisory | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-11-125 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/71770 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/517482/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47251 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025340 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0941 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-11-125 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_powerpoint_viewer | * | |
| microsoft | open_xml_file_format_converter | * | |
| microsoft | powerpoint | 2002 | |
| microsoft | powerpoint | 2003 | |
| microsoft | powerpoint | 2007 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint_viewer | 2007 | |
| microsoft | powerpoint_web_app | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "34C63AE5-4584-4A51-B20D-36FA6DE01C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1778A4FF-FF69-403C-A607-6777AE685A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B9B8A17F-9A70-43A1-95E8-6554F73B9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1AE479-3620-4E55-A3C8-2447E84EAAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "55EC7732-2576-4AA8-9893-B9869D61681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_web_app:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870A8521-2151-4D01-B067-1707D2064BD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka \"Persist Directory RCE Vulnerability.\""
},
{
"lang": "es",
"value": "PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004, 2008, y 2011 para Mac; Open XML File Format Converter para Mac; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; y PowerPoint Web App, de Microsoft, no comprueba apropiadamente los registros de PersistDirectoryEntry en documentos de PowerPoint, lo que permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de una Diapositiva con un registro malformado, lo que desencadena una excepci\u00f3n y luego el uso de un m\u00e9todo no especificado, tambi\u00e9n se conoce como \"Persist Directory RCE Vulnerability.\""
}
],
"id": "CVE-2011-0656",
"lastModified": "2024-11-21T01:24:33.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-04-13T18:55:01.360",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/71770"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/517482/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/47251"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1025340"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0941"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-125"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/71770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517482/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-10 22:30
Modified
2024-11-21 01:11
Severity ?
Summary
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859 | Broken Link | |
| secure@microsoft.com | http://www.securitytracker.com/id?1023698 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023698 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | - | |
| microsoft | office_excel_viewer | - | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "A78DC369-DCAE-4D75-8C33-0FFF108640F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:*:*:*:macos:*:*",
"matchCriteriaId": "421ACF1B-1B21-4416-98ED-BAA5C210EAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EAC4BFBE-0AEF-42EA-9252-3E19A4ED6BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F142404A-9C14-4244-9364-23B90905C765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F007E987-9CCF-4786-AB23-C5F4AE51D5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "875D8BED-E54F-4C54-9071-A3BAAF4493A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "DB814642-71A7-4537-9476-A0D5E0BE96DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka \"Microsoft Office Excel Sheet Object Type Confusion Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Excel 2002 SP3, 2003 SP3, y 2007 SP1 y SP2; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Office Excel Viewer SP1 y SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2 no validan adecuadamente el formato de archivo Excel, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo. Tambi\u00e9n conocida como \"Vulnerabilidad Microsoft Office Excel Sheet Object Type Confusion\"."
}
],
"id": "CVE-2010-0258",
"lastModified": "2024-11-21T01:11:51.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2010-03-10T22:30:01.073",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-10 19:00
Modified
2024-11-21 01:25
Severity ?
Summary
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft | ||
| cve@mitre.org | http://osvdb.org/70904 | ||
| cve@mitre.org | http://secunia.com/advisories/39122 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/43231 | Vendor Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id?1025337 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0940 | Vendor Advisory | |
| cve@mitre.org | http://zerodayinitiative.com/advisories/ZDI-11-041/ | ||
| cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12595 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/70904 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39122 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43231 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025337 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0940 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://zerodayinitiative.com/advisories/ZDI-11-041/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12595 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:-:-:x64:*:*:*:*:*",
"matchCriteriaId": "A7870548-E23F-469A-B205-BB30E49718B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9AEBCD21-942F-44A9-B77E-8FC944F969F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a \"stray reference,\" aka \"Excel Linked List Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Excel 2002 SP3, 2003 SP3, 2007 SP2 y 2010; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; y Excel Viewer SP2 de Microsoft, no maneja apropiadamente los errores durante el an\u00e1lisis de registros Art de Office en hojas de c\u00e1lculo de Excel, lo que permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un registro de objeto malformado, relacionado con una \"stray reference\", tambi\u00e9n se conoce como \"Excel Linked List Corruption Vulnerability\"."
}
],
"id": "CVE-2011-0979",
"lastModified": "2024-11-21T01:25:13.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-02-10T19:00:01.940",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/70904"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39122"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43231"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-041/"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-041/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12595"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-11 18:47
Modified
2024-11-21 01:15
Severity ?
Summary
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-222A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-222A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F02894C4-57A7-45FE-B9D2-1A0EE3ABA455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "262BC12C-246A-41AB-A08D-3D205156F074",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0579650D-24E9-46FF-8876-5164D4397E10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka \"Word Record Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Word 2002 SP3, 2003 SP3, y 2007 SP2; Microsoft Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Office Word Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2; y Works 9 no manejan adecuadamente los registros mal formados, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de archivos manipulados, tambi\u00e9n conocido como \"Word Record parsing Vulnerability.\""
}
],
"id": "CVE-2010-1900",
"lastModified": "2024-11-21T01:15:25.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-08-11T18:47:50.280",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-10 22:30
Modified
2024-11-21 01:11
Severity ?
Summary
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1023698 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8479 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8479 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E8A9B86A-21B8-4E2F-9DB8-1D1DFE718A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69286E7D-BA6E-479F-A9B3-2B9F54663847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which \"a MDXSET record is broken up into several records,\" aka \"Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en Microsoft Office Excel v2007 SP1 y SP2 y Office Compatibility Pack para Word, Excel, y para formatos de ficheros PowerPoint v2007 SP1 y SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo manipulada, tambi\u00e9n conocida como \"Vulnerabilidad de desbordamiento de pila de Microsoft Office Excel MDXSET record\"\r\n"
}
],
"id": "CVE-2010-0261",
"lastModified": "2024-11-21T01:11:51.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-10T22:30:01.137",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8479"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-09 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034324 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034324 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1 y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"id": "CVE-2015-6124",
"lastModified": "2024-11-21T02:34:29.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-12-09T11:59:09.347",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102347 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html | Exploit, Third Party Advisory | |
| secure@microsoft.com | https://github.com/rxwx/CVE-2018-0802 | Exploit, Third Party Advisory | |
| secure@microsoft.com | https://github.com/zldww2011/CVE-2018-0802_POC | Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://research.checkpoint.com/another-office-equation-rce-vulnerability/ | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102347 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rxwx/CVE-2018-0802 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zldww2011/CVE-2018-0802_POC | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.checkpoint.com/another-office-equation-rce-vulnerability/ | Exploit |
Impacted products
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Office Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:-:*:*:*",
"matchCriteriaId": "552E1557-D6FA-45DD-9B52-E13ACDBB8A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",
"matchCriteriaId": "D7A48E44-F01A-40AD-B8AF-8FE368248003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0797 and CVE-2018-0812."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Memory Corruption Vulnerability\". Este CVE es diferente de CVE-2018-0797 y CVE-2018-0812."
}
],
"id": "CVE-2018-0802",
"lastModified": "2024-11-21T03:38:58.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.820",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102347"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/rxwx/CVE-2018-0802"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zldww2011/CVE-2018-0802_POC"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit"
],
"url": "https://research.checkpoint.com/another-office-equation-rce-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/rxwx/CVE-2018-0802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zldww2011/CVE-2018-0802_POC"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://research.checkpoint.com/another-office-equation-rce-vulnerability/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-12 00:29
Modified
2024-11-21 04:14
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106104 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106104 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_online_server | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint | 2016 | |
| microsoft | powerpoint_viewer | * | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2019 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*",
"matchCriteriaId": "40961B9E-80B6-42E0-A876-58B3CE056E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6404DAF-34CC-47A0-B711-87EAC662FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "36A1FA52-BFBD-4C88-9CBE-B68E55C75726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA10B8A2-2F13-4FAA-A4E2-D615E44AD020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software de Microsoft PowerPoint cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft PowerPoint Remote Code Execution Vulnerability\". Esto afecta a Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server y Microsoft SharePoint Server."
}
],
"id": "CVE-2018-8628",
"lastModified": "2024-11-21T04:14:08.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-12T00:29:01.467",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106104"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-15 12:26
Modified
2024-11-21 01:27
Severity ?
Summary
Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2004 | |
| microsoft | office | 2007 | |
| microsoft | office | 2008 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:x32:*:*:*:*:*",
"matchCriteriaId": "51172DC6-4217-44B9-AAA8-82B93FDBFC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:x64:*:*:*:*:*",
"matchCriteriaId": "01CBB518-3740-424F-82AD-DF6036155326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "BE381B87-A400-4EAB-8085-CB9C34522DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "84CD3A20-1082-4685-98B0-3492228F869E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*",
"matchCriteriaId": "9AC0BEF9-2417-48C5-BC95-F95F41F08795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*",
"matchCriteriaId": "C60D2557-347B-41BD-91D5-A51C88630B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "C91F1A74-BE24-4EF7-8E3B-E5E6448E7E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "8239CEF1-BD02-4ACE-A0C2-75A9EAA15914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Out of Bounds Array Indexing Vulnerability.\""
},
{
"lang": "es",
"value": "Error de indice de matrices en Microsoft Excel 2003 Service Pack 3 y Service Pack 2 de 2007; Excel en Office 2007 SP2, Excel 2010 Gold y SP1; Excel en Office 2010 Gold y SP1; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer Service Pack 2; El paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2 que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo debidamente modificada. Es un problema tambi\u00e9n conocido como \"Vulnerabilidad de indexaci\u00f3n de matrices fuera de l\u00edmites de Excel.\""
}
],
"id": "CVE-2011-1987",
"lastModified": "2024-11-21T01:27:26.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-15T12:26:48.867",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-11 00:59
Modified
2024-11-21 02:14
Severity ?
Summary
Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Use After Free Word Remote Code Execution Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | web_applications | 2010 | |
| microsoft | web_applications | 2013 | |
| microsoft | web_applications | 2013 | |
| microsoft | word_viewer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "BB0CF266-A7EE-474A-B3D3-4A7FE33F4C2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "DC25ACD6-8F48-4534-AF7B-53F0D10C0843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:*:*:*:mac:*:*",
"matchCriteriaId": "AA77823A-1112-49BE-A140-790E8816DAEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:*:*:*:gold:*:*:*",
"matchCriteriaId": "F4C9D0D2-4D72-4712-8056-9EDDF741723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:*:*:*:rt:*:*:*",
"matchCriteriaId": "F1B08C24-2704-4F73-8281-99D4DA5B9FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:*:*:*:rt_gold:*:*:*",
"matchCriteriaId": "6DF78996-DFB3-4102-9E98-FF2B56FB67B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:-:-:*:gold:*:*:*",
"matchCriteriaId": "90DBE271-001E-4783-86F5-E14977F95F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:web_applications:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AC93E283-E88A-41F1-90B6-CD256FF02F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:web_applications:2013:*:*:*:gold:*:*:*",
"matchCriteriaId": "D0425EF1-E230-443C-A348-C0A22995B190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:web_applications:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "58A2637B-E066-4E5A-B9A6-D8F9DEE8108A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC45CB0-6C84-46D3-B16D-170D46822E54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Use After Free Word Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en Microsoft Office 2010 SP2, Office 2013 Gold y SP1, Office 2013 RT Gold y SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 y 2013 Gold y SP1, y Office Web Apps 2010 SP2 y 2013 Gold y SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en Word de la ejecuci\u00f3n de c\u00f3digo remoto.\u0027"
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2014-6357",
"lastModified": "2024-11-21T02:14:14.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-11T00:59:10.207",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94031 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1037246 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| secure@microsoft.com | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94031 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037246 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_automation_services | - | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_viewer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B12493-4287-4AAD-9A18-D3FC3FCBE172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC865581-3650-4DC4-9138-C2F71AA3B850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC45CB0-6C84-46D3-B16D-170D46822E54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word para Mac 2011, Excel para Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2013 SP1 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener informaci\u00f3n sensible memoria de proceso o provocar una denegaci\u00f3n de servicio cause a denial of service (escritura fuera de l\u00edmites) a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2016-7233",
"lastModified": "2024-11-21T02:57:45.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:46.300",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/94031"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "secure@microsoft.com",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-15 10:55
Modified
2024-11-21 02:09
Severity ?
Summary
Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/60973 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/70360 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60973 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70360 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word_web_apps | 2010 | |
| microsoft | word_web_apps | 2010 | |
| microsoft | word_web_apps | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9932C177-FCBB-4AD1-A42A-1FAB28F392F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_web_apps:2010:gold:*:*:*:*:*:*",
"matchCriteriaId": "72BE5568-5864-4E8A-B7DE-E011157DE2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5BB1096A-8523-4DD8-BCF2-745D7130F95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D7388C5-E104-436A-8772-57BEB82856DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka \"Microsoft Word File Format Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 y SP2, Word 2010 SP1 y SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 y SP2, y Word Web Apps 2010 Gold, SP1, y SP2 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de propiedades manipuladas en un documento Word document, tambi\u00e9n conocido como \u0027vulnerabilidad del formato de ficheros Microsoft Word.\u0027"
}
],
"id": "CVE-2014-4117",
"lastModified": "2024-11-21T02:09:32.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-15T10:55:07.897",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/60973"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/70360"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-12 01:29
Modified
2024-11-21 03:59
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/103617 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040652 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103617 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040652 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "0390EFCA-87B4-42D6-817A-603765F49816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "DAD067D0-3EE7-4E65-98FF-95277E98DE85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "14F42778-339E-4949-A43D-6E74FA9C0F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software de Microsoft Excel cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Esto afecta a Microsoft Excel Viewer, Microsoft Office y Microsoft Excel. El ID de este CVE es diferente de CVE-2018-0920, CVE-2018-1011 y CVE-2018-1027."
}
],
"id": "CVE-2018-1029",
"lastModified": "2024-11-21T03:59:01.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-12T01:29:10.220",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103617"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040652"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-09 00:55
Modified
2024-11-21 01:34
Severity ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/49112 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/53373 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1027041 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49112 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53373 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027041 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96EBA20F-201E-43AA-9F83-B73FB31696C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no maneja correctamente la memoria durante la apertura de ficheros, permitiendo que atacantes remotos ejecuten codigo arbitrario mediante una hoja de calculo manipulada, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria en el registro OBJECTLINKE en un fichero de Excel\""
}
],
"id": "CVE-2012-0142",
"lastModified": "2024-11-21T01:34:27.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-09T00:55:01.273",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/49112"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/53373"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-06 15:55
Modified
2024-12-19 18:31
Severity ?
Summary
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2 | Broken Link, Exploit | |
| secure@microsoft.com | http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx | Broken Link, Exploit | |
| secure@microsoft.com | http://technet.microsoft.com/security/advisory/2896666 | Patch, Vendor Advisory | |
| secure@microsoft.com | http://www.exploit-db.com/exploits/30011 | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2 | Broken Link, Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx | Broken Link, Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://technet.microsoft.com/security/advisory/2896666 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/30011 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_viewer | - | |
| microsoft | lync | 2010 | |
| microsoft | lync | 2013 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | powerpoint_viewer | 2010 | |
| microsoft | powerpoint_viewer | 2010 | |
| microsoft | word_viewer | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_vista | - |
{
"cisaActionDue": "2022-08-15",
"cisaExploitAdd": "2022-02-15",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Graphics Component Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAAF38A-FE97-40FC-9BBF-763785853DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:lync:2010:*:*:*:attendee:*:*:*",
"matchCriteriaId": "6C3ED4FC-2583-4E51-8931-082875A97034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:lync:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "57F4F185-8709-4846-B017-A09C7A0D58B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9932C177-FCBB-4AD1-A42A-1FAB28F392F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9C087A89-8A17-4C73-B257-A082555ABDEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F6C3E599-80A1-4EC9-8737-F05212888124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC45CB0-6C84-46D3-B16D-170D46822E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013."
},
{
"lang": "es",
"value": "El componente GDI + de Microsoft Windows Vista SP2 y Server 2008 SP2, Office 2003 SP3, 2007 SP3 y 2010 SP1 y SP2, Office Compatibility Pack SP3 y Lync 2010, 2010 Attende, 2.013 y Basic 2013 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen TIFF manipulada, como se ha demuestrado por exploits relaizados en octubre y noviembre de 2013 al abrir una imagen en un documento Word."
}
],
"id": "CVE-2013-3906",
"lastModified": "2024-12-19T18:31:14.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2013-11-06T15:55:05.860",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Exploit"
],
"url": "http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Exploit"
],
"url": "http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://technet.microsoft.com/security/advisory/2896666"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/30011"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit"
],
"url": "http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit"
],
"url": "http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://technet.microsoft.com/security/advisory/2896666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/30011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-14 00:55
Modified
2024-11-21 01:30
Severity ?
Summary
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-347A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-347A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | powerpoint | 2007 | |
| microsoft | powerpoint_viewer | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B9B8A17F-9A70-43A1-95E8-6554F73B9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "55EC7732-2576-4AA8-9893-B9869D61681E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka \"OfficeArt Shape RCE Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft PowerPoint 2007 SP2; Office 2008 para Mac; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2; y PowerPoint Viewer 2007 SP2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un registro OfficeArt inv\u00e1lido en un documento PowerPoint. Tambi\u00e9n conocida como \"Vulnerabilidad RCE OfficeArt Shape\"."
}
],
"id": "CVE-2011-3413",
"lastModified": "2024-11-21T01:30:27.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-12-14T00:55:01.777",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-11 00:59
Modified
2024-11-21 02:14
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Global Free Remote Code Execution in Excel Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*",
"matchCriteriaId": "3C4CFF7E-7170-4A6B-9A59-9815EE896C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DC2480-5B8D-4E96-BD54-17561B1FFE7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Global Free Remote Code Execution in Excel Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, y Office Compatibility Pack permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remoto de liberaci\u00f3n global en Excel.\u0027"
}
],
"id": "CVE-2014-6360",
"lastModified": "2024-11-21T02:14:14.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-11T00:59:11.237",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-13 01:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/91589 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1036274 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1036275 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91589 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036274 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036275 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_online_server | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 | |
| microsoft | word_rt | 2013 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6404DAF-34CC-47A0-B711-87EAC662FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "B850873B-E635-439C-9720-8BBE59120EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "558B8B5E-125A-4370-A6E9-3CB75808D7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services en SharePoint Server 2010 SP2, Word Automation Services en SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento de Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-3282",
"lastModified": "2024-11-21T02:49:43.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-13T01:59:36.423",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/91589"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036275"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "E03BB51F-14CE-4FFC-ADCD-15B5B694563B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:x86:*:*",
"matchCriteriaId": "C3ADF60E-8802-4738-A6A6-BF2790225BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "00A48B3D-7639-4F74-83CB-79D951458C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:x86:*:*",
"matchCriteriaId": "8A4BC977-9CE3-4E6A-BEBB-0FFBDD975722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word Automation Services en SharePoint Server 2010 SP1 y SP2, Word Web App 2010 SP1 y SP2 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 y SP2, Office Compatibility Pack SP3, y Word Viewer permite a atacantes remotos ejecutar c\u00f3digo a discrecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento de Office manipulado, tambien conocida como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en Word\"."
}
],
"id": "CVE-2013-3857",
"lastModified": "2024-11-21T01:54:25.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.293",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-09 21:55
Modified
2024-11-21 01:39
Severity ?
Summary
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/55781 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-283A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/55781 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-283A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | word_automation_services | - | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC865581-3650-4DC4-9138-C2F71AA3B850",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "262BC12C-246A-41AB-A08D-3D205156F074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka \"RTF File listid Use-After-Free Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en Microsoft Word 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Word Viewer; Office Compatibility Pack SP2 y SP3; Word Automation Services en Microsoft SharePoint Server 2010; y Office Web Apps 2010 SP1, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento RTF modificado, tambi\u00e9n conocido como \"RTF File listid Use-After-Free Vulnerability.\""
}
],
"id": "CVE-2012-2528",
"lastModified": "2024-11-21T01:39:11.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-09T21:55:02.690",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55781"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-15 00:12
Modified
2024-11-21 00:49
Severity ?
Summary
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://marc.info/?l=bugtraq&m=122479227205998&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| secure@microsoft.com | http://marc.info/?l=bugtraq&m=122479227205998&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| secure@microsoft.com | http://secunia.com/advisories/32211 | Patch, Vendor Advisory | |
| secure@microsoft.com | http://www.securityfocus.com/bid/31705 | Patch, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id?1021044 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA08-288A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2008/2808 | Third Party Advisory | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-08-068/ | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/45579 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=122479227205998&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=122479227205998&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32211 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31705 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021044 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-288A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2808 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-08-068/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/45579 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2003 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | excel_viewer | - | |
| microsoft | excel_viewer | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | open_xml_file_format_converter | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A07483B7-E30C-43F3-B54B-2864BE9AD704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:-:*:*:*:*:*:*",
"matchCriteriaId": "BB7D84EE-5AF2-44AF-AFA1-7BB555AA0B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAAF38A-FE97-40FC-9BBF-763785853DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:-:*:*:*:*:*:*",
"matchCriteriaId": "1F005DF3-BA80-49D0-B2B1-06DFD74ED9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*",
"matchCriteriaId": "0B191155-67F2-4C6E-BD0C-AF5AF6F04BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:*:*:*:macos:*:*",
"matchCriteriaId": "421ACF1B-1B21-4416-98ED-BAA5C210EAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:-:*:*:*:*:*:*",
"matchCriteriaId": "7C150805-6157-43E3-A913-E021F97E7F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:-:*:*:*:*:macos:*:*",
"matchCriteriaId": "4BC69733-551E-4535-B851-4A3EF71E98CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka \"File Format Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 y SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac no asigna memoria adecuadamente cuando carga objetos Excel durante el an\u00e1lisis del formato de fichero de la hoja de c\u00e1lculo Excel, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de ficheros BIFF manipulados, tambi\u00e9n conocido como \"Vulnerabilidad de An\u00e1lisis de Formato de Fichero\"."
}
],
"id": "CVE-2008-3471",
"lastModified": "2024-11-21T00:49:19.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-10-15T00:12:15.757",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32211"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31705"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021044"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2808"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-068/"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45579"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-068/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-15 16:13
Modified
2024-11-21 02:01
Severity ?
Summary
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1029598 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1029599 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029598 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029599 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3 y Office Compatibility Pack SP3 permite a atacantes remotos ejecutar c\u00f3digo de forma arbitraria o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambien conocido como \"Word Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2014-0259",
"lastModified": "2024-11-21T02:01:46.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-01-15T16:13:03.850",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-12 00:29
Modified
2024-11-21 04:14
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106120 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106120 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_viewer | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_compatibility_pack | - | |
| microsoft | sharepoint_server | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*",
"matchCriteriaId": "40961B9E-80B6-42E0-A876-58B3CE056E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el software de Microsoft Excel lee memoria fuera de l\u00edmites debido a una variable no inicializada, que podr\u00eda divulgar el contenido de la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Information Disclosure Vulnerability\". Esto afecta a Microsoft Office, ffice 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer y Excel. El ID de este CVE es diferente de CVE-2018-8598."
}
],
"id": "CVE-2018-8627",
"lastModified": "2024-11-21T04:14:08.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-12T00:29:01.420",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106120"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-10 22:30
Modified
2024-11-21 01:11
Severity ?
Summary
Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1023698 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E8A9B86A-21B8-4E2F-9DB8-1D1DFE718A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69286E7D-BA6E-479F-A9B3-2B9F54663847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka \"Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Excel 2007 SP1 y SP2 y Office 2004 para Mac no analiza correctamente el formato de archivo Excel, lo cual permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo manipulada, tambien conocido como \"Vulnerabilidad de Memoria de Registro FNGROUPNAME No Inicializada de Microsoft Office Excel\"."
}
],
"id": "CVE-2010-0262",
"lastModified": "2024-11-21T01:11:51.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-10T22:30:01.167",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-09 19:29
Modified
2024-11-21 04:13
Severity ?
Summary
An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104051 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040852 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104051 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040852 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | web_applications | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:web_applications:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AC93E283-E88A-41F1-90B6-CD256FF02F11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in Outlook when a message is opened, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Word, Microsoft Office."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Outlook cuando se abre un mensaje. Esto tambi\u00e9n se conoce como \"Microsoft Outlook Information Disclosure Vulnerability\". Esto afecta a Word y Microsoft Office."
}
],
"id": "CVE-2018-8160",
"lastModified": "2024-11-21T04:13:22.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-09T19:29:02.527",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104051"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040852"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_2000 | * | |
| microsoft | .net_framework | 1.1 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_reporting_services | 2000 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | expression_web | * | |
| microsoft | expression_web | 2 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_groove | 2007 | |
| microsoft | office_groove | 2007 | |
| microsoft | office_powerpoint_viewer | * | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_word_viewer | * | |
| microsoft | project | 2002 | |
| microsoft | visio | 2002 | |
| microsoft | word_viewer | 2003 | |
| microsoft | word_viewer | 2003 | |
| microsoft | works | 8.5 | |
| microsoft | platform_sdk | * | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio_.net | 2003 | |
| microsoft | visual_studio_.net | 2005 | |
| microsoft | forefront_client_security | 1.0 | |
| microsoft | visual_foxpro | 8.0 | |
| microsoft | visual_foxpro | 9.0 | |
| microsoft | windows_2000 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
"matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
"matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
"matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
"matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
"matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
"matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen TIFF manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de b\u00fafer GDI+ TIFF\"."
}
],
"id": "CVE-2009-2502",
"lastModified": "2024-11-21T01:05:01.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2009-10-14T10:30:01.390",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-14 20:59
Modified
2024-11-21 02:25
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/73995 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1032104 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/73995 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032104 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | outlook | 2011 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2011 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 |
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Office Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2011:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "2307F3E3-6763-46F8-8536-BB1BFA698462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2011:*:*:*:*:macos:*:*",
"matchCriteriaId": "126AF471-BF9D-4872-BAD3-A9DC9D89686D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",
"matchCriteriaId": "D7A48E44-F01A-40AD-B8AF-8FE368248003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 y 2013 SP1, y Office Web Apps Server 2010 SP2 y 2013 SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento RTF manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de corrupci\u00f3n de memoria de Microsoft Office.\u0027"
}
],
"id": "CVE-2015-1641",
"lastModified": "2024-11-21T02:25:50.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-04-14T20:59:05.250",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/73995"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032104"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/73995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_2000 | * | |
| microsoft | .net_framework | 1.1 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_reporting_services | 2000 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | expression_web | * | |
| microsoft | expression_web | 2 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_groove | 2007 | |
| microsoft | office_groove | 2007 | |
| microsoft | office_powerpoint_viewer | * | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_word_viewer | * | |
| microsoft | project | 2002 | |
| microsoft | visio | 2002 | |
| microsoft | word_viewer | 2003 | |
| microsoft | word_viewer | 2003 | |
| microsoft | works | 8.5 | |
| microsoft | platform_sdk | * | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio_.net | 2003 | |
| microsoft | visual_studio_.net | 2005 | |
| microsoft | forefront_client_security | 1.0 | |
| microsoft | visual_foxpro | 8.0 | |
| microsoft | visual_foxpro | 9.0 | |
| microsoft | windows_2000 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
"matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
"matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
"matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
"matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
"matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
"matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 no localiza adecuadamente un b\u00fafer sin especificar, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen TIFF que inicia una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria GDI+ TIFF\""
}
],
"id": "CVE-2009-2503",
"lastModified": "2024-11-21T01:05:02.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-14T10:30:01.407",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-08 20:30
Modified
2024-11-21 01:13
Severity ?
Summary
Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a "user-controlled pointer," aka "Excel ADO Object Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://osvdb.org/65228 | ||
| secure@microsoft.com | http://www.securityfocus.com/archive/1/511728/100/0/threaded | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-159B.html | US Government Resource | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-10-103 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6842 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/65228 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/511728/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-159B.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-10-103 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6842 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a \"user-controlled pointer,\" aka \"Excel ADO Object Vulnerability.\""
},
{
"lang": "es",
"value": "Office Excel 2002 SP3, 2007 SP1 y SP2; Office 2004 para Mac; Office 2008 para Mac; Open XML File Format Converter para Mac; y Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, de Microsoft; permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de Excel con registros DBQueryExt especialmente dise\u00f1ados que permiten una llamada de funci\u00f3n a un \"user-controlled pointer\", tambi\u00e9n se conoce como \"Excel ADO Object Vulnerability\"."
}
],
"id": "CVE-2010-1253",
"lastModified": "2024-11-21T01:13:59.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-08T20:30:02.303",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/65228"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/511728/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-103"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/65228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511728/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6842"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-09 11:59
Modified
2024-11-21 02:41
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/84026 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1035206 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1035207 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-029 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/84026 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035206 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035207 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-029 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps_server | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "84149DF3-54BA-4738-9386-6C29B4E9448F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services en SharePoint Server 2010 SP2 y 2013 SP1, Office Web Apps 2010 SP2 y Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0134",
"lastModified": "2024-11-21T02:41:08.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-09T11:59:35.640",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/84026"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1035206"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1035207"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/84026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-029"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/93996 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1037246 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93996 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037246 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel para Mac 2011, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7231",
"lastModified": "2024-11-21T02:57:44.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:44.407",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/93996"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/93994 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1037246 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93994 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037246 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 para Mac y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7228",
"lastModified": "2024-11-21T02:57:44.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:41.190",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/93994"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-09 00:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1033488 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | ||
| secure@microsoft.com | https://www.exploit-db.com/exploits/38216/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033488 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/38216/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*",
"matchCriteriaId": "3C4CFF7E-7170-4A6B-9A59-9815EE896C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad en Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3 y Excel Viewer, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability.\u0027"
}
],
"id": "CVE-2015-2521",
"lastModified": "2024-11-21T02:27:32.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-09-09T00:59:33.300",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1033488"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
},
{
"source": "secure@microsoft.com",
"url": "https://www.exploit-db.com/exploits/38216/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/38216/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_2000 | * | |
| microsoft | .net_framework | 1.1 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_reporting_services | 2000 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | expression_web | * | |
| microsoft | expression_web | 2 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_groove | 2007 | |
| microsoft | office_groove | 2007 | |
| microsoft | office_powerpoint_viewer | * | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_word_viewer | * | |
| microsoft | project | 2002 | |
| microsoft | visio | 2002 | |
| microsoft | word_viewer | 2003 | |
| microsoft | word_viewer | 2003 | |
| microsoft | works | 8.5 | |
| microsoft | platform_sdk | * | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio_.net | 2003 | |
| microsoft | visual_studio_.net | 2005 | |
| microsoft | forefront_client_security | 1.0 | |
| microsoft | visual_foxpro | 8.0 | |
| microsoft | visual_foxpro | 9.0 | |
| microsoft | windows_2000 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
"matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
"matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
"matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
"matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
"matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
"matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de enteros en las API no especificadas en GDI+ en .NET Framework versi\u00f3n 1.1 SP1, .NET Framework versi\u00f3n 2.0 SP1 y SP2, Windows XP SP2 y SP3, Windows Server 2003 SP2, Vista versi\u00f3n Gold y SP1, Server 2008 versi\u00f3n Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 versi\u00f3n Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 versi\u00f3n Gold, SP1 y SP2, Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web 2, Groove 2007 versi\u00f3n Gold y SP1, Works versi\u00f3n 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 versi\u00f3n Gold y SP1 y Forefront Client Security versi\u00f3n 1.0, de Microsoft, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de (1) una aplicaci\u00f3n de navegador XAML dise\u00f1ada (XBAP), (2) una aplicaci\u00f3n de ASP.NET dise\u00f1ada o (3) una aplicaci\u00f3n de .NET Framework dise\u00f1ada, tambi\u00e9n se conoce como \"GDI+ .NET API Vulnerability\"."
}
],
"id": "CVE-2009-2504",
"lastModified": "2024-11-21T01:05:02.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-14T10:30:01.437",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-11 10:59
Modified
2024-11-21 02:22
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, and Web Apps Server 2013 Gold and SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1031896 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031896 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | web_applications | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "BB0CF266-A7EE-474A-B3D3-4A7FE33F4C2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "DC25ACD6-8F48-4534-AF7B-53F0D10C0843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:gold:*:*:*",
"matchCriteriaId": "8252ABD2-4FC5-4C7F-9A73-625B47EA980B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:-:-:*:gold:*:*:*",
"matchCriteriaId": "90DBE271-001E-4783-86F5-E14977F95F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:web_applications:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AC93E283-E88A-41F1-90B6-CD256FF02F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:*:*:*:rt_gold:*:*:*",
"matchCriteriaId": "004A33A3-2DE6-4DEE-9350-BE0C233F4A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, and Web Apps Server 2013 Gold and SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold y SP1, Word 2013 RT Gold y SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold y SP1, Web Applications 2010 SP2, y Web Apps Server 2013 Gold y SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento RTF manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la corrupci\u00f3n de memoria de Microsoft Office.\u0027"
}
],
"id": "CVE-2015-0086",
"lastModified": "2024-11-21T02:22:20.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-03-11T10:59:13.347",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1031896"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-11 01:59
Modified
2024-11-21 02:41
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/89962 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1035819 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/89962 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035819 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3 y Word Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0198",
"lastModified": "2024-11-21T02:41:15.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-11T01:59:41.230",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/89962"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1035819"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/89962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-13 18:55
Modified
2024-11-21 01:23
Severity ?
Summary
Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka "Excel Heap Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://osvdb.org/71759 | ||
| secure@microsoft.com | http://secunia.com/advisories/39122 | Vendor Advisory | |
| secure@microsoft.com | http://secunia.com/secunia_research/2011-32/ | Vendor Advisory | |
| secure@microsoft.com | http://www.securityfocus.com/bid/47235 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1025337 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2011/0940 | Vendor Advisory | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/71759 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39122 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2011-32/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47235 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025337 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0940 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:-:-:x64:*:*:*:*:*",
"matchCriteriaId": "A7870548-E23F-469A-B205-BB30E49718B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9AEBCD21-942F-44A9-B77E-8FC944F969F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka \"Excel Heap Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Un error en la propiedad signedness de un entero en Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats SP2, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo XLS con un gran tama\u00f1o de registro, tambi\u00e9n se conoce como \"Excel Heap Overflow Vulnerability.\""
}
],
"id": "CVE-2011-0098",
"lastModified": "2024-11-21T01:23:19.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-04-13T18:55:01.127",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/71759"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39122"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-32/"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/47235"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/71759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-32/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94660 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94660 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2022-03-24",
"cisaExploitAdd": "2022-03-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Office Security Feature Bypass Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:-:*:*:*",
"matchCriteriaId": "BF89FEC4-936E-4226-94F9-2BD0CB0CA09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAAF38A-FE97-40FC-9BBF-763785853DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos asistidos por usuario ejecutar comandos arbitrarios a trav\u00e9s de una c\u00e9lula manipulada que se maneja incorrectamente con un clic, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Security Feature Bypass Vulnerability\"."
}
],
"id": "CVE-2016-7262",
"lastModified": "2024-11-21T02:57:48.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T06:59:00.373",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94660"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102460 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102460 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este CVE es diferente de CVE-2018-0804, CVE-2018-0805 y CVE-2018-0807."
}
],
"id": "CVE-2018-0806",
"lastModified": "2024-11-21T03:38:59.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.930",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102460"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-12 23:59
Modified
2024-11-21 02:41
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1035524 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1035525 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | ||
| secure@microsoft.com | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035524 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035525 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_foundation | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C3E93E7B-E61E-4755-8AE8-C333E6144655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services en SharePoint Server 2007 SP3 y Excel Services en SharePoint Server 2010 SP2 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0136",
"lastModified": "2024-11-21T02:41:08.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-12T23:59:08.587",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1035524"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1035525"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"source": "secure@microsoft.com",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-10 11:59
Modified
2024-11-21 02:41
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034975 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1034976 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034975 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services en SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1 y SharePoint Server 2013 SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0053",
"lastModified": "2024-11-21T02:41:00.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-10T11:59:17.377",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034975"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94671 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94671 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_automation_services | - | |
| microsoft | word_for_mac | 2011 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC865581-3650-4DC4-9138-C2F71AA3B850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7290."
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word para Mac 2011, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener informaci\u00f3n sensible desde la memoria de proceso o provocar una denegaci\u00f3n de servicio (lectura fuera de rango) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\", una vulnerabilidad diferente a CVE-2016-7290."
}
],
"id": "CVE-2016-7291",
"lastModified": "2024-11-21T02:57:51.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T06:59:01.327",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94671"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-09 00:55
Modified
2024-11-21 01:34
Severity ?
Summary
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/49111 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/53344 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1027035 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029 | ||
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/75122 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49111 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53344 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027035 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/75122 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "262BC12C-246A-41AB-A08D-3D205156F074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"RTF Mismatch Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2003 SP3 y 2007 SP2 y SP3, Office 2008 y 2011 para Mac, y Office Compatibility Pack SP2 y SP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) mediante datos RTF manipulados, tambi\u00e9n conocido como \"Vulnerabilidad RTF\""
}
],
"id": "CVE-2012-0183",
"lastModified": "2024-11-21T01:34:32.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-09T00:55:01.867",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/49111"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/53344"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1027035"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75122"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3365.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/92799 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1036785 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92799 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036785 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_online_server | * | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_designer | 2010 | |
| microsoft | sharepoint_designer | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6404DAF-34CC-47A0-B711-87EAC662FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C3E93E7B-E61E-4755-8AE8-C333E6144655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "511A4ED3-E85C-4C95-B128-841220D1F79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "304608B5-63CB-4F95-9C5B-2D5EFA83BC36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3365."
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services en SharePoint Server 2007 SP3, Excel Services en SharePoint Server 2010 SP2, Excel Automation Services en SharePoint Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\", una vulnerabilidad diferente a CVE-2016-3365."
}
],
"id": "CVE-2016-3362",
"lastModified": "2024-11-21T02:49:51.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-14T10:59:36.390",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/92799"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18753 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18753 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "00A48B3D-7639-4F74-83CB-79D951458C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:x86:*:*",
"matchCriteriaId": "8A4BC977-9CE3-4E6A-BEBB-0FFBDD975722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2003 SP3, 2007 SP3, y 2010 SP1 y SP2; Office Compatibility Pack SP3; y Word Viewer permiten a un atacante remoto ejecutar c\u00f3digo a discrecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambien conocida como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en Word\"."
}
],
"id": "CVE-2013-3850",
"lastModified": "2024-11-21T01:54:25.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.237",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18753"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-22 23:29
Modified
2024-11-21 03:39
Severity ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102746 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102746 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2018-0805, CVE-2018-0806 y CVE-2018-0807."
}
],
"id": "CVE-2018-0845",
"lastModified": "2024-11-21T03:39:04.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-22T23:29:00.350",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102746"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 01:59
Modified
2024-11-21 02:27
Severity ?
Summary
Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1033803 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-15-516 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033803 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-15-516 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x32:*:*:*:*:*",
"matchCriteriaId": "75275F99-A072-4485-85E6-B4F61A6E4D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x64:*:*:*:*:*",
"matchCriteriaId": "C3E21DE5-D215-45E1-A89E-E5D23EB4667A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Excel Viewer, Office Compatibility Pack SP3 y Excel Services en SharePoint Server 2007 SP3, 2010 SP2 y 2013 SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un elemento fileVersion largo en un documento Office, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2015-2558",
"lastModified": "2024-11-21T02:27:36.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-14T01:59:13.123",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033803"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-516"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-13 18:55
Modified
2024-11-21 01:24
Severity ?
Summary
Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Floating Point Techno-color Time Bandit RCE Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id?1025340 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2011/0941 | Vendor Advisory | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025340 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0941 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_powerpoint_viewer | * | |
| microsoft | open_xml_file_format_converter | * | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint_viewer | 2007 | |
| microsoft | powerpoint_web_app | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:*:x32:*:*:*:*:*",
"matchCriteriaId": "D538369B-469B-4D57-908F-330A1DDC9045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:*:x64:*:*:*:*:*",
"matchCriteriaId": "23D7A3B7-F86D-4C59-9BF5-D359361BAA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "55EC7732-2576-4AA8-9893-B9869D61681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_web_app:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870A8521-2151-4D01-B067-1707D2064BD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka \"Floating Point Techno-color Time Bandit RCE Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft PowerPoint 2007 SP2 y 2010; Office 2004, 2008, y 2011 for Mac; Open XML File Format Converter para Mac; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; y PowerPoint Web App no valida adecuadamente los registros imeColorBehaviorContainer Floating Point en documentos PowerPoint, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento manipulado que contiene un registro incorrecto. Tambi\u00e9n conocida como \"Floating Point Techno-color Time Bandit RCE Vulnerability.\""
}
],
"id": "CVE-2011-0655",
"lastModified": "2024-11-21T01:24:33.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-04-13T18:55:01.313",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1025340"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0941"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/96052 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038010 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96052 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038010 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053."
},
{
"lang": "es",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3 y Word 2010 SP2 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052 y CVE-2017-0053."
}
],
"id": "CVE-2017-0031",
"lastModified": "2024-11-21T03:02:12.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-17T00:59:00.930",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96052"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_portal_server | 2003 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 2.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0C86EA4A-7108-4A3A-A447-19CB3CA76B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "D133FB73-C7F6-481C-B050-C242C771ED21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "858F70F4-3128-477D-ACAA-73F0AFA23A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55C05DB1-03DC-454B-85E5-715938F0E13E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858."
},
{
"lang": "es",
"value": "Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento de Office manipulado. Aka \"Word Memory Corruption Vulnerability\", una vulnerabilidad diferente de CVE-2013-3848, CVE-2013-3849, y CVE-2013-3858."
}
],
"id": "CVE-2013-3847",
"lastModified": "2024-11-21T01:54:24.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.210",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-10 19:00
Modified
2024-11-21 01:25
Severity ?
Summary
Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft | ||
| cve@mitre.org | http://secunia.com/advisories/39122 | ||
| cve@mitre.org | http://secunia.com/advisories/43232 | ||
| cve@mitre.org | http://securityreason.com/securityalert/8231 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1025337 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0940 | ||
| cve@mitre.org | http://zerodayinitiative.com/advisories/ZDI-11-042/ | ||
| cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39122 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43232 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8231 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025337 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0940 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://zerodayinitiative.com/advisories/ZDI-11-042/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9AEBCD21-942F-44A9-B77E-8FC944F969F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka \"Excel Array Indexing Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en Microsoft Office Excel permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con un registro de propiedades de eje, y el incremento indebido de un \u00edndice de matriz."
}
],
"id": "CVE-2011-0978",
"lastModified": "2024-11-21T01:25:13.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-02-10T19:00:01.910",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39122"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43232"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8231"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0940"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-042/"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-042/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-12 23:30
Modified
2024-11-21 00:50
Severity ?
Summary
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://marc.info/?l=bugtraq&m=122703006921213&w=2 | ||
| secure@microsoft.com | http://marc.info/?l=bugtraq&m=122703006921213&w=2 | ||
| secure@microsoft.com | http://securitytracker.com/id?1021164 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/32204 | Patch | |
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA08-316A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2008/3111 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=122703006921213&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=122703006921213&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1021164 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32204 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-316A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/3111 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | xml_core_services | 4.0 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_7 | * | |
| microsoft | windows_7 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | xml_core_services | 3.0 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | xml_core_services | 6.0 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | xml_core_services | 5.0 | |
| microsoft | expression_web | * | |
| microsoft | expression_web | 2 | |
| microsoft | groove | 2007 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_word_viewer | 2003 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B9BE3-6F83-469E-834F-3E00CFECD8E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7519928D-0FF2-4584-8058-4C7764CD5671",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73052210-0B42-46AA-9F28-AAE3E9B6DE87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4170FCB7-274C-4318-B7A1-8F18DE604A2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "ABBA5D64-4184-4420-B7D0-A4E41359AA5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B91A0AA-44C0-4ED8-A7AC-54C9C83FFEFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:groove:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "355F60DB-EC9A-4054-8023-BD16D5723C9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DC2480-5B8D-4E96-BD54-17561B1FFE7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C0BBD1BF-B54F-41C7-AB52-0B93E647C98D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "864B622E-B522-4791-AC82-0711130544BA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CF3C2971-447B-4054-86C6-3169B82E525B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka \"MSXML Header Request Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expression Web, Office, Internet Explorer y otros productos; permite a atacantes remotos obtener informaci\u00f3n sensible de otro dominio y corromper el estado de la sesi\u00f3n a trav\u00e9s de solicitudes de campos de cabecera HTTP, como se ha demostrado con el campo Transfer-Encoding. Tambi\u00e9n se conoce como \"Vulnerabilidad de la solicitud de la cabecera MSXML\"."
}
],
"id": "CVE-2008-4033",
"lastModified": "2024-11-21T00:50:43.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-12T23:30:02.727",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1021164"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32204"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/3111"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-09 19:29
Modified
2024-11-21 04:13
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104035 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040857 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104035 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040857 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE41A84-9FE6-4227-87FA-6D909A6CA161",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Excel cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Esto afecta a Microsoft Excel y Microsoft Office. El ID de este CVE es diferente de CVE-2018-8148 y CVE-2018-8162."
}
],
"id": "CVE-2018-8147",
"lastModified": "2024-11-21T04:13:20.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-09T19:29:02.043",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104035"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040857"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-15 17:29
Modified
2024-11-21 04:13
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104996 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104996 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_viewer | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | office_word_viewer | - | |
| microsoft | sharepoint_enterprise_server_2013 | - | |
| microsoft | sharepoint_enterprise_server_2016 | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word_automation_services | - | |
| microsoft | sharepoint_server | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server_2013:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8725A383-4813-4220-8D2E-4CB86D0EC119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67F75889-16AE-44C3-85C9-818A856A0D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC865581-3650-4DC4-9138-C2F71AA3B850",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Office Information Disclosure Vulnerability.\" This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el software de Microsoft Office lee memoria fuera de l\u00edmites debido a una variable no inicializada, lo que podr\u00eda divulgar los contenidos de memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Information Disclosure Vulnerability\". Esto afecta a Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint y Microsoft Office."
}
],
"id": "CVE-2018-8378",
"lastModified": "2024-11-21T04:13:42.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-15T17:29:07.267",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104996"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-10 01:59
Modified
2024-11-21 02:26
Severity ?
Summary
Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/75014 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1032523 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75014 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032523 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Compatibility Pack SP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento de OFFice manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la corrupci\u00f3n de memoria de Microsoft Office.\u0027"
}
],
"id": "CVE-2015-1759",
"lastModified": "2024-11-21T02:26:04.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-06-10T01:59:31.373",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/75014"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1032523"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18065 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18065 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2003 y 2007, Office Compatibility Pack SP3, y Word Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento de Office manipulado. Aka \"Word Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2013-3855",
"lastModified": "2024-11-21T01:54:25.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.280",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18065"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-11 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/59867 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/70962 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1031189 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59867 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70962 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031189 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | office_word_viewer | * | |
| microsoft | word | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Bad Index Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Word Viewer, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remoto de indice malo de Microsoft Office.\u0027"
}
],
"id": "CVE-2014-6334",
"lastModified": "2024-11-21T02:14:11.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-11-11T22:55:05.297",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/59867"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/70962"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1031189"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-11 04:56
Modified
2024-11-21 02:06
Severity ?
Summary
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka "Embedded Font Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx | Vendor Advisory | |
| secure@microsoft.com | http://secunia.com/advisories/58551 | Permissions Required | |
| secure@microsoft.com | http://www.securityfocus.com/bid/67896 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1030383 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-034 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58551 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67896 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030383 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-034 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka \"Embedded Font Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3 y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una fuente embebida manipulada en un documento (1) .doc o (2) .docx, tambi\u00e9n conocido como \u0027Vulnerabilidad de Fuente Embebida.\u0027"
}
],
"id": "CVE-2014-2778",
"lastModified": "2024-11-21T02:06:56.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-11T04:56:20.727",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx"
},
{
"source": "secure@microsoft.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/58551"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/67896"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030383"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/58551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/67896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-034"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-15 16:13
Modified
2024-11-21 02:01
Severity ?
Summary
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1029598 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1029599 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029598 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029599 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2003 SP3 y 2007 SP3, Office Compatibility Pack SP3 y Word Viewer permite a atacantes remotos ejecutar c\u00f3digo d eforma arbitraria o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambien conocido como \"Word Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2014-0258",
"lastModified": "2024-11-21T02:01:46.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-01-15T16:13:03.837",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-15 17:29
Modified
2024-11-21 04:13
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105000 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041463 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105000 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041463 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "14F42778-339E-4949-A43D-6E74FA9C0F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_2013_rt:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CFE1C2-891F-4A90-8912-82D2F2132A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac:*:*",
"matchCriteriaId": "AE116A39-963D-43E2-A21B-782271C4F63C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Microsoft Excel no muestra correctamente los contenidos de su memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Information Disclosure Vulnerability\". Esto afecta a Microsoft Excel Viewer, Microsoft Office y Microsoft Excel."
}
],
"id": "CVE-2018-8382",
"lastModified": "2024-11-21T04:13:43.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-15T17:29:07.737",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105000"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041463"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-14 00:55
Modified
2024-11-21 01:37
Severity ?
Summary
Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/56425 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1027752 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-318A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 | ||
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/78072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56425 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027752 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-318A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/78072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "84CD3A20-1082-4685-98B0-3492228F869E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x86:*:*:*:*:*",
"matchCriteriaId": "A66E94C7-8F97-4B64-83AC-BE0F7C2F5953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel SerAuxErrBar Heap Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Office 2008 y 2011 para Mac; y Office Compatibility Pack SP2 y SP3 ,permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una hoja de c\u00e1lculo manipulada.Tambi\u00e9n conocido como \"Excel SerAuxErrBar Heap Overflow Vulnerability.\""
}
],
"id": "CVE-2012-1885",
"lastModified": "2024-11-21T01:37:58.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-11-14T00:55:01.247",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/56425"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1027752"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94672 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94672 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word para Mac 2011, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener informaci\u00f3n sensible desde la memoria de proceso o provocar una denegaci\u00f3n de servicio (lectura de rango) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2016-7268",
"lastModified": "2024-11-21T02:57:49.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T06:59:00.593",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94672"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-22 23:29
Modified
2024-11-21 03:39
Severity ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102748 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0849 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102748 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0849 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2018-0805, CVE-2018-0806 y CVE-2018-0807."
}
],
"id": "CVE-2018-0849",
"lastModified": "2024-11-21T03:39:05.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-22T23:29:00.457",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102748"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0849"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102406 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102406 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C0BD17-4324-4DFF-9804-1825C4C182A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A5D3A185-BE57-403E-914E-FDECEC3A477C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"."
},
{
"lang": "es",
"value": "Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permiten una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestiona el contenido RTF. Esto tambi\u00e9n se conoce como \"Microsoft Word Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2018-0797",
"lastModified": "2024-11-21T03:38:58.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.680",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102406"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94769 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94769 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel para Mac 2011 y Excel 2016 para Mac permiten a atacantes remotos obtener informaci\u00f3n sensible desde la memoria de proceso o provocar una denegaci\u00f3n de servicio (lectura fuera de rango) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2016-7264",
"lastModified": "2024-11-21T02:57:48.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T06:59:00.437",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94769"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-11 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/99441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038851 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038851 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_viewer | 2007 | |
| microsoft | office | 2011 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_online_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:mac:*:*:*:*:*",
"matchCriteriaId": "447CCA6E-9955-4771-82DD-925380F3C439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C0BD17-4324-4DFF-9804-1825C4C182A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "993E5C5C-4C78-4CDA-BF67-5A35814EF621",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502."
},
{
"lang": "es",
"value": "Microsoft Office permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que gestiona los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-8502."
}
],
"id": "CVE-2017-8501",
"lastModified": "2024-11-21T03:34:08.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-11T21:29:00.640",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99441"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038851"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102348 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102348 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Remote Code Execution Vulnerability\"."
}
],
"id": "CVE-2018-0801",
"lastModified": "2024-11-21T03:38:58.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.790",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102348"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3362.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/92804 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1036785 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92804 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036785 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_online_server | * | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_designer | 2010 | |
| microsoft | sharepoint_designer | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6404DAF-34CC-47A0-B711-87EAC662FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C3E93E7B-E61E-4755-8AE8-C333E6144655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "511A4ED3-E85C-4C95-B128-841220D1F79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "304608B5-63CB-4F95-9C5B-2D5EFA83BC36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3362."
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services en SharePoint Server 2007 SP3, Excel Services en SharePoint Server 2010 SP2, Excel Automation Services en SharePoint Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\", una vulnerabilidad diferente a CVE-2016-3362."
}
],
"id": "CVE-2016-3365",
"lastModified": "2024-11-21T02:49:52.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-14T10:59:39.797",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92804"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18246 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18246 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office 2003 SP3 y 2007 SP3, Word 2003 SP3 y 2007 SP3, Office Compatibility Pack SP3 y Word Viewer permiten a un atacante remoto ejecutar c\u00f3digo a discrecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambien conocida como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en Word\"."
}
],
"id": "CVE-2013-3851",
"lastModified": "2024-11-21T01:54:25.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.247",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18246"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-13 00:29
Modified
2024-11-21 04:13
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105219 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041630 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8429 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105219 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041630 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8429 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE41A84-9FE6-4227-87FA-6D909A6CA161",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Microsoft Excel no muestra correctamente los contenidos de su memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Information Disclosure Vulnerability\". Esto afecta a Microsoft Excel Viewer, Microsoft Office y Microsoft Excel."
}
],
"id": "CVE-2018-8429",
"lastModified": "2024-11-21T04:13:48.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-13T00:29:03.160",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105219"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041630"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8429"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/93995 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037246 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93995 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037246 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7229",
"lastModified": "2024-11-21T02:57:44.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:42.330",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93995"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-10-14 02:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/93372 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1036984 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93372 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036984 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2022-03-24",
"cisaExploitAdd": "2022-03-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Office Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2011:*:*:*:*:macos:*:*",
"matchCriteriaId": "126AF471-BF9D-4872-BAD3-A9DC9D89686D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",
"matchCriteriaId": "D7A48E44-F01A-40AD-B8AF-8FE368248003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:macos:*:*",
"matchCriteriaId": "D38DF237-5D93-4705-B922-BE759C5102F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC45CB0-6C84-46D3-B16D-170D46822E54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services en SharePoint Server 2010 SP2, Word Automation Services en SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un documento RTF manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7193",
"lastModified": "2024-11-21T02:57:40.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-14T02:59:38.013",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93372"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036984"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102370 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html | Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102370 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Office Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2018-0798",
"lastModified": "2024-11-21T03:38:58.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.713",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102370"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/96741 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038010 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96741 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038010 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_server | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053."
},
{
"lang": "es",
"value": "Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer y Excel Services on SharePoint Server 2007 SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031 y CVE-2017-0053."
}
],
"id": "CVE-2017-0052",
"lastModified": "2024-11-21T03:02:14.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-17T00:59:01.367",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96741"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-25 13:24
Modified
2024-12-19 19:32
Severity ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://technet.microsoft.com/security/advisory/2953095 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://technet.microsoft.com/security/advisory/2953095 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | - |
{
"cisaActionDue": "2022-08-15",
"cisaExploitAdd": "2022-02-15",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Word Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:*:*:*:macos:*:*",
"matchCriteriaId": "BCB90D64-B7B2-4301-91E3-A113569371F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "993E5C5C-4C78-4CDA-BF67-5A35814EF621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:*:*:*:-:*:*:*",
"matchCriteriaId": "E4CD4956-7280-4187-B613-A97B4B32941C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:*:*:*:rt:*:*:*",
"matchCriteriaId": "3C81544A-00F9-4B20-B679-CFE60D5B23CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",
"matchCriteriaId": "D7A48E44-F01A-40AD-B8AF-8FE368248003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC45CB0-6C84-46D3-B16D-170D46822E54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014."
},
{
"lang": "es",
"value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013 y 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office para Mac 2011; Word Automation Services en SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2 y Office Web Apps Server 2013 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de datos RTF manipulados, tal y como fue explotado en marzo 2014."
}
],
"id": "CVE-2014-1761",
"lastModified": "2024-12-19T19:32:14.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2014-03-25T13:24:01.067",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://technet.microsoft.com/security/advisory/2953095"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://technet.microsoft.com/security/advisory/2953095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-13 17:05
Modified
2024-11-21 01:25
Severity ?
Summary
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12438 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12438 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | open_xml_file_format_converter | * | |
| microsoft | powerpoint | 2002 | |
| microsoft | powerpoint | 2003 | |
| microsoft | powerpoint | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "34C63AE5-4584-4A51-B20D-36FA6DE01C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1778A4FF-FF69-403C-A607-6777AE685A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B9B8A17F-9A70-43A1-95E8-6554F73B9AEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka \"Presentation Memory Corruption RCE Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft PowerPoint 2002 SP3, 2003 SP3, y 2007 SP2; Office 2004 y 2008 para Mac; Open XML File Format Converter for Mac; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2 hace llamadas a funciones no especificadas durante el parseo de archivos sin manejar adecuadamente la memoria, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de documentos PoerPoint manipulados, tambi\u00e9n conocido como \"Presentation Memory Corruption RCE Vulnerability.\""
}
],
"id": "CVE-2011-1269",
"lastModified": "2024-11-21T01:25:57.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-05-13T17:05:41.970",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12438"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-14 12:29
Modified
2024-11-21 04:13
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104322 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041109 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104322 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041109 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAAF38A-FE97-40FC-9BBF-763785853DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Microsoft Excel no muestra correctamente los contenidos de su memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Information Disclosure Vulnerability\". Esto afecta a Microsoft Excel Viewer, Microsoft Office y Microsoft Excel."
}
],
"id": "CVE-2018-8246",
"lastModified": "2024-11-21T04:13:29.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-14T12:29:02.397",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104322"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041109"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/96043 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038010 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96043 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038010 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Services en SharePoint Server 2013 SP1 permiten a atacantes remotos obtener informaci\u00f3n sensible de la memoria de proceso a trav\u00e9s de un documento de Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2017-0027",
"lastModified": "2024-11-21T03:02:12.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-17T00:59:00.837",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96043"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-11 18:47
Modified
2024-11-21 01:15
Severity ?
Summary
Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka "Word RTF Parsing Buffer Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-222A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-222A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F02894C4-57A7-45FE-B9D2-1A0EE3ABA455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "262BC12C-246A-41AB-A08D-3D205156F074",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka \"Word RTF Parsing Buffer Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en Microsoft Office Word 2002 SP3, 2003 SP3, y 2007 SP2; Microsoft Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Office Word Viewer; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de propiedades sin especificar en los datos de un documento RTF manipulado, tambien conocido como \"Vulnerabilidad Word RTF Parsing Buffer Overflow\""
}
],
"id": "CVE-2010-1902",
"lastModified": "2024-11-21T01:15:25.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-08-11T18:47:50.327",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-15 03:29
Modified
2024-11-21 03:08
Severity ?
Summary
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/101756 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039783 | Issue Tracking, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101756 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039783 | Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878 | Issue Tracking, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "0390EFCA-87B4-42D6-817A-603765F49816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Excel Memory Corruption Vulnerability\"."
},
{
"lang": "es",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3 y Microsoft Excel Viewer 2007 Service Pack 3 permiten que un atacante ejecute c\u00f3digo arbitrario en el contexto del usuario actual cuando no se gestionan correctamente los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2017-11878",
"lastModified": "2024-11-21T03:08:40.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-15T03:29:01.797",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101756"
},
{
"source": "secure@microsoft.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"source": "secure@microsoft.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-09 18:09
Modified
2024-11-21 01:46
Severity ?
Summary
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA13-008A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA13-008A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | xml_core_services | 3.0 | |
| microsoft | xml_core_services | 4.0 | |
| microsoft | xml_core_services | 6.0 | |
| microsoft | windows_7 | - | |
| microsoft | windows_7 | - | |
| microsoft | windows_8 | - | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | - | |
| microsoft | xml_core_services | 4.0 | |
| microsoft | xml_core_services | 6.0 | |
| microsoft | windows_7 | - | |
| microsoft | windows_rt | - | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | xml_core_services | 5.0 | |
| microsoft | expression_web | * | |
| microsoft | expression_web | 2 | |
| microsoft | groove_server | 2007 | |
| microsoft | groove_server | 2007 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73052210-0B42-46AA-9F28-AAE3E9B6DE87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B9BE3-6F83-469E-834F-3E00CFECD8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4170FCB7-274C-4318-B7A1-8F18DE604A2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*",
"matchCriteriaId": "DE8E7D74-0DCB-4633-B502-EDC2112229BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:-:x64:*:*:*:*:*",
"matchCriteriaId": "17734480-66E4-488E-87A6-852CA3E4E014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B9BE3-6F83-469E-834F-3E00CFECD8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4170FCB7-274C-4318-B7A1-8F18DE604A2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC7A32C-4A4A-4533-B42E-350E728ADFEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "32C28EC2-8A34-4E30-A76A-86921D7332C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B91A0AA-44C0-4ED8-A7AC-54C9C83FFEFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CE0C80DA-FA6F-42A5-8A81-E1DBF8A6117E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:groove_server:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8D61B21F-E1A1-421A-BA3E-5D0D294A4325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:groove_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "11874823-F6B3-4948-9A7B-FA903EF31005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9C24FB09-DBAD-4F62-BBD6-B81B9EC83D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka \"MSXML XSLT Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft XML Core Services (tambi\u00e9n conocido como MSXML) v4.0, v5.0 y v6.0 no analiza correctamente el contenido XML, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una p\u00e1gina web dise\u00f1ada, tambi\u00e9n conocido como \"Vulnerabilidad de MSXML XSLT.\""
}
],
"id": "CVE-2013-0007",
"lastModified": "2024-11-21T01:46:46.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-09T18:09:40.227",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-15 03:29
Modified
2024-11-21 03:08
Severity ?
Summary
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/101746 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039795 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101746 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039795 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Word Memory Corruption Vulnerability\"."
},
{
"lang": "es",
"value": "Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2 y Microsoft Office Compatibility Pack Service Pack 3 permiten que un atacante ejecute c\u00f3digo arbitrario en el contexto del usuario actual al no gestionar correctamente los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \"Microsoft Word Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2017-11854",
"lastModified": "2024-11-21T03:08:38.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-15T03:29:01.217",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101746"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039795"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-13 19:00
Modified
2024-11-21 01:18
Severity ?
Summary
Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-285A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7196 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-285A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7196 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2007 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Real Time Data Array Record Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2002 SP3 y 2007 SP2; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, and PowerPoint 2007 File Formats SP2 no valida adecuadamente los registros de informacio\u00b4n, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de documentos Excel manipulados, conocido como \"Vulnerabildad de registro de array en tiempo real.\""
}
],
"id": "CVE-2010-3240",
"lastModified": "2024-11-21T01:18:20.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-10-13T19:00:46.040",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7196"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/92791 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1036785 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| secure@microsoft.com | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92791 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036785 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_online_server | * | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_designer | 2010 | |
| microsoft | sharepoint_designer | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6404DAF-34CC-47A0-B711-87EAC662FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C3E93E7B-E61E-4755-8AE8-C333E6144655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "511A4ED3-E85C-4C95-B128-841220D1F79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "304608B5-63CB-4F95-9C5B-2D5EFA83BC36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 para Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services en SharePoint Server 2007 SP3, Excel Services en SharePoint Server 2010 SP2, Excel Automation Services en SharePoint Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-3358",
"lastModified": "2024-11-21T02:49:51.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-14T10:59:32.013",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/92791"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "secure@microsoft.com",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-09 00:55
Modified
2024-11-21 01:34
Severity ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/49112 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/53375 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1027041 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| secure@microsoft.com | http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | ||
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/75117 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49112 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53375 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027041 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/75117 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96EBA20F-201E-43AA-9F83-B73FB31696C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "3FCF826B-7041-4304-95B4-5781334E9144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel SXLI Record Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 y 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente la memoria durante la apertura de archivos, permitiendo a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una hoja de c\u00e1lculo hecha a mano, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria en Excel SXLI Record\""
}
],
"id": "CVE-2012-0184",
"lastModified": "2024-11-21T01:34:32.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-09T00:55:01.913",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/49112"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/53375"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75117"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-09 00:55
Modified
2024-11-21 01:34
Severity ?
Summary
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/49112 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1027041 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | ||
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/75118 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49112 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027041 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/75118 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96EBA20F-201E-43AA-9F83-B73FB31696C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka \"Excel MergeCells Record Heap Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en Microsoft Excel 2007 SP2 y SP3 y 2010 Gold y SP1, Excel Viewer, y Office Compatibility Pack SP2 y SP3, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una hoja de c\u00e1lculo manipulada que provoca el manejo incorrecto de la memoria durante su apertura, tambi\u00e9n conocido como \"Excel MergeCells Record Heap Overflow Vulnerability.\""
}
],
"id": "CVE-2012-0185",
"lastModified": "2024-11-21T01:34:32.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-09T00:55:01.943",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/49112"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75118"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/96740 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038010 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96740 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038010 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_server | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053."
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer y Excel Services on SharePoint Server 2007 SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052 y CVE-2017-0053."
}
],
"id": "CVE-2017-0006",
"lastModified": "2024-11-21T03:02:09.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-17T00:59:00.227",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96740"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-15 16:13
Modified
2024-11-21 02:01
Severity ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1029598 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1029599 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029598 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029599 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "993E5C5C-4C78-4CDA-BF67-5A35814EF621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8E95D3-C62D-41D2-8B3A-032FEA6B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2003 Service Pack 3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; cOffice Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2, y Office Web Apps Server 2013 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento de Office manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de corrupcion de memoria Word\""
}
],
"id": "CVE-2014-0260",
"lastModified": "2024-11-21T02:01:46.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-01-15T16:13:03.883",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-16 01:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1036093 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036093 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos obtener informaci\u00f3n sensible de la memoria del proceso a trav\u00e9s de un documento de Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability.\""
}
],
"id": "CVE-2016-3234",
"lastModified": "2024-11-21T02:49:38.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-16T01:59:36.107",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036093"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-10 11:59
Modified
2024-11-21 02:41
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034976 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C3E93E7B-E61E-4755-8AE8-C333E6144655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services en SharePoint Server 2007 SP3, Excel Services en SharePoint Server 2010 SP2, Excel Services en SharePoint Server 2013 SP1 y Office Web Apps 2010 SP2 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0054",
"lastModified": "2024-11-21T02:41:00.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-10T11:59:18.643",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | office_web_apps | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "E03BB51F-14CE-4FFC-ADCD-15B5B694563B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858."
},
{
"lang": "es",
"value": "Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar denegaci\u00f3n de servicio (corrupcion de memoria) a trav\u00e9s de un documento de Office manipulado . Conocido tambi\u00e9n como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en Word\". Vulnerabilidad diferente a CVE-2013-3847, CVE-2013-3848, y CVE-2013-3858."
}
],
"id": "CVE-2013-3849",
"lastModified": "2024-11-21T01:54:24.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.227",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-14 00:55
Modified
2024-11-21 01:37
Severity ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/56426 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1027752 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-318A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 | ||
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/78073 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15927 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56426 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027752 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-318A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/78073 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15927 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "84CD3A20-1082-4685-98B0-3492228F869E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x86:*:*:*:*:*",
"matchCriteriaId": "A66E94C7-8F97-4B64-83AC-BE0F7C2F5953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Excel Viewer; y Office Compatibility Pack SP2 y SP3 permite a atacantes remotos a ejecutar c\u00f3digo provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una hoja de c\u00e1lculo manipulada, tambi\u00e9n conocido como \"Excel Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2012-1886",
"lastModified": "2024-11-21T01:37:58.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-11-14T00:55:01.297",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/56426"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1027752"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78073"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15927"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-10 22:30
Modified
2024-11-21 01:11
Severity ?
Summary
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/archive/1/509979/100/0/threaded | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1023698 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-10-025/ | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8407 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/509979/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-10-025/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8407 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E8A9B86A-21B8-4E2F-9DB8-1D1DFE718A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69286E7D-BA6E-479F-A9B3-2B9F54663847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka \"Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Excel 2007 SP1 y SP2; Office 2008 para Mac; Open XML File Format Converter para Mac; Office Excel Viewer SP1 y SP2; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2; y Office SharePoint Server 2007 SP1 y SP2 no validan las cabeceras ZIP durante la descompresi\u00f3n de documentos Open XML (.XLSX), lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documentos manipulado que provoca el acceso a una ubicaci\u00f3n de memoria sin inicializar. Tambi\u00e9n conocida como \"Vulnerabilidad Microsoft Office Excel XLSX File Parsing Code Execution\"."
}
],
"id": "CVE-2010-0263",
"lastModified": "2024-11-21T01:11:51.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-10T22:30:01.200",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/509979/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-025/"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509979/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-025/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8407"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-10 22:30
Modified
2024-11-21 01:11
Severity ?
Summary
Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id?1023698 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8617 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8617 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E8A9B86A-21B8-4E2F-9DB8-1D1DFE718A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69286E7D-BA6E-479F-A9B3-2B9F54663847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Microsoft Office Excel Record Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Excel v2002 SP3 no valida adecuadamente el formato de archivo Excel, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a atrav\u00e9s de una hoja de c\u00e1lculo manipulada, conocido tambi\u00e9n como \"Vulnerabilidad de corrupci\u00f3n de registro de memoria Microsoft Office Excel\"."
}
],
"id": "CVE-2010-0257",
"lastModified": "2024-11-21T01:11:51.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-10T22:30:01.043",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8617"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:00
Modified
2024-12-19 18:03
Severity ?
Summary
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://osvdb.org/54959 | Broken Link | |
| secure@microsoft.com | http://www.securityfocus.com/archive/1/504204/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securityfocus.com/bid/35188 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id?1022356 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-160A.html | Broken Link, Third Party Advisory, US Government Resource | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2009/1546 | Broken Link | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-09-035 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/54959 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/504204/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35188 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022356 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-160A.html | Broken Link, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1546 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-09-035 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2000 | |
| microsoft | office | 2003 | |
| microsoft | office | 2004 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | 2008 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_word_viewer | - | |
| microsoft | office_word_viewer | 2003 | |
| microsoft | open_xml_file_format_converter | - |
{
"cisaActionDue": "2022-06-22",
"cisaExploitAdd": "2022-06-08",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Office Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*",
"matchCriteriaId": "0B191155-67F2-4C6E-BD0C-AF5AF6F04BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:*:*:*:macos:*:*",
"matchCriteriaId": "421ACF1B-1B21-4416-98ED-BAA5C210EAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:-:*:*:*:*:macos:*:*",
"matchCriteriaId": "4BC69733-551E-4535-B851-4A3EF71E98CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka \"Word Buffer Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Office Word 2002 SP3, 2003 SP3 y 2007 SP1 y SP2 de Microsoft; Office para Mac 2004 y 2008 de Microsoft; Open XML File Format Converter para Mac; Office Word Viewer 2003 SP3 de Microsoft; Office Word Viewer de Microsoft; y Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento de Word con una etiqueta dise\u00f1ada que contiene un campo de longitud no v\u00e1lido, tambi\u00e9n se conoce como \"Word Buffer Overflow Vulnerability\"."
}
],
"id": "CVE-2009-0563",
"lastModified": "2024-12-19T18:03:17.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-06-10T18:00:00.313",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/54959"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/504204/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/35188"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022356"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/1546"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-035"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/54959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/504204/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/35188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/1546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-13 19:00
Modified
2024-11-21 01:18
Severity ?
Summary
Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/archive/1/514302/100/0/threaded | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-285A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/514302/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-285A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_web_apps | * | |
| microsoft | open_xml_file_format_converter | * | |
| microsoft | word | 2002 | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | word_web_app | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D552A3DF-6611-4CF0-80CD-2CAF92B5C609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F02894C4-57A7-45FE-B9D2-1A0EE3ABA455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "262BC12C-246A-41AB-A08D-3D205156F074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:*:x32:*:*:*:*:*",
"matchCriteriaId": "96FEA479-CEB6-405A-A427-28ED3917450C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:*:x64:*:*:*:*:*",
"matchCriteriaId": "21D11545-A010-4385-A1E4-0DE6217782D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_web_app:*:*:*:*:*:*:*:*",
"matchCriteriaId": "825B51D1-57F3-48F1-A0F3-DD5DA119E54E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka \"Word Stack Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Office Compatibility Pack for Word, Excel, y PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; y Word Web App permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de documentos Word manipulado, tambi\u00e9n conocido como \"Word Stack Overflow Vulnerability\"."
}
],
"id": "CVE-2010-3214",
"lastModified": "2024-11-21T01:18:17.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-10-13T19:00:44.557",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/514302/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514302/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-16 20:55
Modified
2024-11-21 01:25
Severity ?
Summary
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds Array Access Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12538 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12538 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Out of Bounds Array Access Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, y 2007 SP2; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2 no validan adecuadamente la informaci\u00f3n de registro durante el an\u00e1lisis sint\u00e1ctico (parseo) de las hojas de c\u00e1lculo de Excel. Esto permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una hoja de c\u00e1lculo manipulada. Tambi\u00e9n se conoce como \"Vulnerabilidad de Salida de Rango en el Array de Acceso de Excel\""
}
],
"id": "CVE-2011-1274",
"lastModified": "2024-11-21T01:25:58.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-16T20:55:02.150",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12538"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-10 13:29
Modified
2024-11-21 04:13
Severity ?
Summary
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105458 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041823 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105458 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041823 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_viewer | 2007 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_compatibility_pack | - | |
| microsoft | powerpoint_viewer | 2007 | |
| microsoft | word_viewer | - | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_7 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2019 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "C7FF377D-589F-447B-8495-64690832C582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "2D744C6F-DEFB-4EC5-B635-2EE7DC7C07F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC45CB0-6C84-46D3-B16D-170D46822E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Remote Code Execution Vulnerability.\" This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que Microsoft Graphics Components gestiona los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Graphics Components Remote Code Execution Vulnerability\". Esto afecta a Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10 y Windows Server 2008."
}
],
"id": "CVE-2018-8432",
"lastModified": "2024-11-21T04:13:48.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-10T13:29:02.337",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105458"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98101 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038443 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98101 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038443 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_rt | 2013 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:mac:*:*:*:*:*",
"matchCriteriaId": "447CCA6E-9955-4771-82DD-925380F3C439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "B850873B-E635-439C-9720-8BBE59120EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B12493-4287-4AAD-9A18-D3FC3FCBE172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "558B8B5E-125A-4370-A6E9-3CB75808D7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265."
},
{
"lang": "es",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office para Mac 2011, Office para Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services en Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016 y Word 2016, permiten una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota cuando el programa no puede manejar inapropiadamente los objetos en la memoria, tambi\u00e9n se conoce como \"Microsoft Office Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-0264 y CVE-2017-0265."
}
],
"id": "CVE-2017-0254",
"lastModified": "2024-11-21T03:02:37.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-12T14:29:04.067",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98101"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038443"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-13 13:29
Modified
2024-11-21 03:08
Severity ?
Summary
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/101219 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039541 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html | Exploit | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/ | Broken Link, Technical Description, Third Party Advisory | |
| secure@microsoft.com | https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101219 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039541 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/ | Broken Link, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | - | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps_server | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | office_word_viewer | - | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{
"cisaActionDue": "2022-03-24",
"cisaExploitAdd": "2022-03-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Office Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C0BD17-4324-4DFF-9804-1825C4C182A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "84149DF3-54BA-4738-9386-6C29B4E9448F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",
"matchCriteriaId": "D7A48E44-F01A-40AD-B8AF-8FE368248003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory."
},
{
"lang": "es",
"value": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 y 2013, Word Viewer, Word 2007, 2010, 2013 y 2016, Word Automation Services y Office Online Server permiten la ejecuci\u00f3n remota de c\u00f3digo cuando el software no gestiona correctamente objetos en la memoria."
}
],
"id": "CVE-2017-11826",
"lastModified": "2024-11-21T03:08:35.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-13T13:29:02.067",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101219"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039541"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit"
],
"url": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Technical Description",
"Third Party Advisory"
],
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Technical Description",
"Third Party Advisory"
],
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-16 20:55
Modified
2024-11-21 01:25
Severity ?
Summary
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Insufficient Record Validation Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/48157 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12139 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48157 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12139 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Insufficient Record Validation Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, y 2007 SP2; Office 2004 y 2008 para Mac; el conversor de formato de fichero Open XML para Mac; Excel Viewer SP2; y el pack de compatibilidad Office para los formatos de archivo Word, Excel, y PowerPoint 2007 SP2 no validan apropiadamente las estructuras de registro durante el an\u00e1lisis (\"parseo\") de hojas de c\u00e1lculo Excel, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una hoja de c\u00e1lculo modificada. Tambi\u00e9n conocida como \"vulnerabilidad de validaci\u00f3n de registro insuficiente de Excel\"."
}
],
"id": "CVE-2011-1272",
"lastModified": "2024-11-21T01:25:58.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-16T20:55:02.087",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/48157"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12139"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-12 23:59
Modified
2024-11-21 02:41
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1035525 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | ||
| secure@microsoft.com | https://www.exploit-db.com/exploits/39694/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035525 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/39694/ |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0122",
"lastModified": "2024-11-21T02:41:06.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-12T23:59:04.117",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1035525"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"source": "secure@microsoft.com",
"url": "https://www.exploit-db.com/exploits/39694/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/39694/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-13 18:55
Modified
2024-11-21 01:23
Severity ?
Summary
Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka "Excel Integer Overrun Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://osvdb.org/71758 | ||
| secure@microsoft.com | http://secunia.com/advisories/39122 | Vendor Advisory | |
| secure@microsoft.com | http://secunia.com/secunia_research/2011-31 | Vendor Advisory | |
| secure@microsoft.com | http://www.securityfocus.com/bid/47201 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1025337 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2011/0940 | Vendor Advisory | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/71758 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39122 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2011-31 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47201 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025337 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-102A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0940 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:-:-:x64:*:*:*:*:*",
"matchCriteriaId": "A7870548-E23F-469A-B205-BB30E49718B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9AEBCD21-942F-44A9-B77E-8FC944F969F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka \"Excel Integer Overrun Vulnerability.\""
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2, de Microsoft , permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una subcorriente 400h dise\u00f1ada en un archivo de Excel, que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria, tambi\u00e9n se conoce como \"Excel Integer Overrun Vulnerability.\""
}
],
"id": "CVE-2011-0097",
"lastModified": "2024-11-21T01:23:19.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-04-13T18:55:01.080",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/71758"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39122"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-31"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/47201"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/71758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12612"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102373 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102373 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0792."
},
{
"lang": "es",
"value": "Microsoft Word en Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permiten una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este CVE es diferente de CVE-2018-0792."
}
],
"id": "CVE-2018-0794",
"lastModified": "2024-11-21T03:38:57.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.557",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102373"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-09 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034324 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034324 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"id": "CVE-2015-6040",
"lastModified": "2024-11-21T02:34:20.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-12-09T11:59:00.107",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-14 20:59
Modified
2024-11-21 02:25
Severity ?
Summary
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1032104 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032104 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 y 2013 SP1, y Office Web Apps Server 2010 SP2 y 2013 SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento de Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en componentes de Microsoft Office.\u0027"
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2015-1650",
"lastModified": "2024-11-21T02:25:51.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-04-14T20:59:12.657",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1032104"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-16 01:59
Modified
2024-11-21 02:40
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1036093 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036093 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E98AE986-FA31-4301-8025-E8915BA4AC5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento de Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0025",
"lastModified": "2024-11-21T02:40:57.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-16T01:59:01.680",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036093"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-11 00:29
Modified
2024-11-21 04:13
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104609 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041252 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104609 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041252 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_powerpoint_viewer | - | |
| microsoft | office_word_viewer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*",
"matchCriteriaId": "A1A868C4-0A58-4660-9492-1BADD99D8E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CAF125-B409-4209-AAF9-7EB795F09280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software de Microsoft Office cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Remote Code Execution Vulnerability\". Esto afecta a Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office y Microsoft Office Word Viewer."
}
],
"id": "CVE-2018-8281",
"lastModified": "2024-11-21T04:13:32.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-11T00:29:01.070",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104609"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041252"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94022 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1037246 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037246 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_for_mac | 2011 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B12493-4287-4AAD-9A18-D3FC3FCBE172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel para Mac 2011 y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7235",
"lastModified": "2024-11-21T02:57:45.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:48.330",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/94022"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102375 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040154 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102375 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040154 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:c2r:*:*:*:*:*:*",
"matchCriteriaId": "7B1DD13C-1F8C-4583-B267-36907732F2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791."
},
{
"lang": "es",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010 y Microsoft Outlook 2013 permiten una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se analizan los mensajes de email. Esto tambi\u00e9n se conoce como \"Microsoft Outlook Remote Code Execution Vulnerability\". Este CVE es diferente de CVE-2018-0791."
}
],
"id": "CVE-2018-0793",
"lastModified": "2024-11-21T03:38:57.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.523",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102375"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:39
Severity ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102463 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102463 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Memory Corruption Vulnerability\"."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Word Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2018-0812",
"lastModified": "2024-11-21T03:39:00.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:01.010",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102463"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-15 00:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1033239 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081 | ||
| secure@microsoft.com | https://www.exploit-db.com/exploits/37912/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033239 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/37912/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | * | |
| microsoft | word_web_apps | 2010 | |
| microsoft | word_web_apps_server | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:*:*:*:mac:*:*",
"matchCriteriaId": "AA77823A-1112-49BE-A140-790E8816DAEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac:*:*",
"matchCriteriaId": "AE116A39-963D-43E2-A21B-782271C4F63C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D7388C5-E104-436A-8772-57BEB82856DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "72A58760-C948-4CAC-A100-90AF1A047B71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad en Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office para Mac 2011, Office para Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services en SharePoint Server 2010 SP2 y 2013 SP1, Word Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability.\u0027"
}
],
"id": "CVE-2015-2468",
"lastModified": "2024-11-21T02:27:26.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-08-15T00:59:27.717",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1033239"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
},
{
"source": "secure@microsoft.com",
"url": "https://www.exploit-db.com/exploits/37912/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/37912/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-05 23:29
Modified
2024-11-21 04:17
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106897 | Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0669 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106897 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0669 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAAF38A-FE97-40FC-9BBF-763785853DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*",
"matchCriteriaId": "40961B9E-80B6-42E0-A876-58B3CE056E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \u0027Microsoft Excel Information Disclosure Vulnerability\u0027."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Microsoft Excel no muestra correctamente los contenidos de su memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2019-0669",
"lastModified": "2024-11-21T04:17:04.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-05T23:29:02.350",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106897"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0669"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-12 01:29
Modified
2024-11-21 03:39
Severity ?
Summary
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/103642 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040654 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103642 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040654 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka \"Microsoft Office Information Disclosure Vulnerability.\" This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Office renderiza los mensajes de email en formato RTF (Rich Text Format) que contienen objetos OLE cuando se abre o previsualiza un mensaje. Esto tambi\u00e9n se conoce como \"Microsoft Office Information Disclosure Vulnerability\". Esto afecta a Microsoft Word y Microsoft Office. El ID de este CVE es diferente de CVE-2018-1007."
}
],
"id": "CVE-2018-0950",
"lastModified": "2024-11-21T03:39:17.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-12T01:29:06.267",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103642"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040654"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-15 12:26
Modified
2024-11-21 01:27
Severity ?
Summary
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_viewer | * | |
| microsoft | excel_web_app | 2010 | |
| microsoft | excel_web_app | 2010 | |
| microsoft | office | 2004 | |
| microsoft | office | 2007 | |
| microsoft | office | 2008 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | open_xml_file_format_converter | * | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:x32:*:*:*:*:*",
"matchCriteriaId": "51172DC6-4217-44B9-AAA8-82B93FDBFC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:x64:*:*:*:*:*",
"matchCriteriaId": "01CBB518-3740-424F-82AD-DF6036155326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "BE381B87-A400-4EAB-8085-CB9C34522DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "84CD3A20-1082-4685-98B0-3492228F869E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_web_app:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "EADA2495-FF61-4E02-B469-3D9E28BBD06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_web_app:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E548F0F4-2FA3-4F47-85C7-8F9BFDE86E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:*:x32:*:*:*:*:*",
"matchCriteriaId": "9AC0BEF9-2417-48C5-BC95-F95F41F08795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:*:x64:*:*:*:*:*",
"matchCriteriaId": "C60D2557-347B-41BD-91D5-A51C88630B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "C91F1A74-BE24-4EF7-8E3B-E5E6448E7E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "8239CEF1-BD02-4ACE-A0C2-75A9EAA15914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "586E6C37-346C-40BA-AC89-2CEB8C44E190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "48EB5C93-55BF-4608-A9DC-EDD8DE15EE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Conditional Expression Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2003 Service Pack 3 y Service Pack 2 de 2007; Excel en Office 2007 SP2, Excel 2010 Service Pack 1 Gold y SP1; Excel en Office 2010 Service Pack 1 Gold y SP1; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer Service Pack 2; Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, Servicios de Excel en Office SharePoint Server 2007 SP2, Servicios de Excel en Office SharePoint Server 2010 Gold y SP1, y Excel Web Access 2010 Gold y SP1 no analizan correctamente las expresiones condicionales asociadas con requisitos de formato, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo debidamente modificada. Es un problema tambi\u00e9n conocido como \"Vulnerabilidad de an\u00e1lisis de expresiones condicionales de Excel\"."
}
],
"id": "CVE-2011-1989",
"lastModified": "2024-11-21T01:27:26.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-15T12:26:48.947",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-11 18:47
Modified
2024-11-21 01:15
Severity ?
Summary
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-222A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-222A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F02894C4-57A7-45FE-B9D2-1A0EE3ABA455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "262BC12C-246A-41AB-A08D-3D205156F074",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka \"Word RTF Parsing Engine Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Word 2002 SP3, 2003 SP3, y 2007 SP2; Microsoft Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Office Word Viewer; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2, no manejan adecuadamente propiedades sin especificar datos de texto enriquecido, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento RTF manipulado. Tambi\u00e9n conocido como \"Word RTF Parsing Engine Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2010-1901",
"lastModified": "2024-11-21T01:15:25.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-08-11T18:47:50.313",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_2000 | * | |
| microsoft | .net_framework | 1.1 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_reporting_services | 2000 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | expression_web | * | |
| microsoft | expression_web | 2 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_groove | 2007 | |
| microsoft | office_groove | 2007 | |
| microsoft | office_powerpoint_viewer | * | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_word_viewer | * | |
| microsoft | project | 2002 | |
| microsoft | visio | 2002 | |
| microsoft | word_viewer | 2003 | |
| microsoft | word_viewer | 2003 | |
| microsoft | works | 8.5 | |
| microsoft | platform_sdk | * | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio_.net | 2003 | |
| microsoft | visual_studio_.net | 2005 | |
| microsoft | forefront_client_security | 1.0 | |
| microsoft | visual_foxpro | 8.0 | |
| microsoft | visual_foxpro | 9.0 | |
| microsoft | windows_2000 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
"matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
"matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
"matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
"matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
"matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
"matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen PNG manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de b\u00fafer basado en pila GDI+ PNG\"."
}
],
"id": "CVE-2009-2501",
"lastModified": "2024-11-21T01:05:01.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-14T10:30:01.360",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18635 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18635 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2003 SP3, 2007 SP3, y 2010 SP1; Office Compatibility Pack SP3; y Word Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento de Office manipulado. Aka \"Word Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2013-3852",
"lastModified": "2024-11-21T01:54:25.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.253",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18635"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-09 00:55
Modified
2024-11-21 01:34
Severity ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/49112 | Vendor Advisory | |
| secure@microsoft.com | http://www.securityfocus.com/bid/53342 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1027041 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15152 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49112 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53342 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027041 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15152 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96EBA20F-201E-43AA-9F83-B73FB31696C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel File Format Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente memoria durante la apertura de ficheros, permitiendo a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una hoja de c\u00e1lculo manipulada, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria en ficheros Excel\""
}
],
"id": "CVE-2012-0141",
"lastModified": "2024-11-21T01:34:27.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-09T00:55:01.240",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49112"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/53342"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15152"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-13 19:00
Modified
2024-11-21 01:18
Severity ?
Summary
Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-285A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-285A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Excel File Format Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2003 SP3 y 2007 SP2; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2 no valida adecuadamente la informaci\u00f3n de registro, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento excel manipulado, tambi\u00e9n conocido como \"Vulnerabilidad Excel File Format Parsing\""
}
],
"id": "CVE-2010-3232",
"lastModified": "2024-11-21T01:18:19.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-10-13T19:00:45.540",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-13 01:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/91594 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1036274 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91594 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036274 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_rt | 2013 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "27745C7E-94A0-4C2A-8318-684CB85F48D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-3284",
"lastModified": "2024-11-21T02:49:43.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-13T01:59:38.767",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/91594"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-12 14:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/97436 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038244 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97436 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038244 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2 y Office Compatibility Pack SP2 permiten a atacantes remotos obtener informaci\u00f3n sensible de la memoria de proceso a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Office\"."
}
],
"id": "CVE-2017-0194",
"lastModified": "2024-11-21T03:02:31.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-12T14:59:01.063",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97436"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038244"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-12 00:55
Modified
2024-12-20 03:56
Severity ?
Summary
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-346A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-346A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | - | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_word_viewer | - | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 |
{
"cisaActionDue": "2022-04-18",
"cisaExploitAdd": "2022-03-28",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Word Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "55AA5CC4-AF80-49A2-ACD1-5644AA971044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "262BC12C-246A-41AB-A08D-3D205156F074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"Word RTF \u0027listoverridecount\u0027 Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Word Viewer; Office Compatibility Pack SP2 y SP3; y Office Web Apps 2010 SP1 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de datos RTF modificados, alias \"Word RTF \u0027listoverridecount\u0027 Remote Code Execution Vulnerability.\""
}
],
"id": "CVE-2012-2539",
"lastModified": "2024-12-20T03:56:26.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-12-12T00:55:01.060",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-10 11:59
Modified
2024-11-21 02:40
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0052.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034975 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1034976 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034975 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0052."
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services en SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1 y SharePoint Server 2013 SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\", una vulnerabilidad diferente a CVE-2016-0052."
}
],
"id": "CVE-2016-0022",
"lastModified": "2024-11-21T02:40:56.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-10T11:59:00.157",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034975"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-15 00:12
Modified
2024-11-21 00:50
Severity ?
Summary
Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://marc.info/?l=bugtraq&m=122479227205998&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| secure@microsoft.com | http://marc.info/?l=bugtraq&m=122479227205998&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| secure@microsoft.com | http://secunia.com/advisories/32211 | Patch, Vendor Advisory | |
| secure@microsoft.com | http://www.securityfocus.com/bid/31706 | Patch, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id?1021044 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA08-288A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2008/2808 | Third Party Advisory | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/45580 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=122479227205998&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=122479227205998&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32211 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31706 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021044 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-288A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2808 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/45580 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2003 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | excel_viewer | - | |
| microsoft | excel_viewer | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | open_xml_file_format_converter | - | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A07483B7-E30C-43F3-B54B-2864BE9AD704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:-:*:*:*:*:*:*",
"matchCriteriaId": "BB7D84EE-5AF2-44AF-AFA1-7BB555AA0B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAAF38A-FE97-40FC-9BBF-763785853DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:-:*:*:*:*:*:*",
"matchCriteriaId": "1F005DF3-BA80-49D0-B2B1-06DFD74ED9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*",
"matchCriteriaId": "0B191155-67F2-4C6E-BD0C-AF5AF6F04BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:*:*:*:macos:*:*",
"matchCriteriaId": "421ACF1B-1B21-4416-98ED-BAA5C210EAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:-:*:*:*:*:*:*",
"matchCriteriaId": "7C150805-6157-43E3-A913-E021F97E7F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:-:*:*:*:*:macos:*:*",
"matchCriteriaId": "4BC69733-551E-4535-B851-4A3EF71E98CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CD4AE15-F3AA-4661-8466-36C2866C0457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:-:*:*:*:*:*:*",
"matchCriteriaId": "F537E651-28E9-4CA5-AA54-E59F7DAA08E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CF3C2971-447B-4054-86C6-3169B82E525B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "BA4BFFB7-4173-423E-A2E5-9F49B3836132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka \"Formula Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n REPT en Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office SharePoint Server 2007 Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo Excel con una f\u00f3rmula dentro de una celda. Tambi\u00e9n conocida como \"Vulnerabilidad de validaci\u00f3n de F\u00f3rmula\"."
}
],
"id": "CVE-2008-4019",
"lastModified": "2024-11-21T00:50:42.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-10-15T00:12:15.943",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32211"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31706"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021044"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2808"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45580"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94662 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94662 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer y Excel 2016 para Mac no maneja adecuadamente una comprobaci\u00f3n de registro, lo que permite a atacantes remotos asistidos por usuario ejecutar comandos arbitrarios a trav\u00e9s de contenido embebido manipulado en un documento, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Security Feature Bypass Vulnerability\"."
}
],
"id": "CVE-2016-7266",
"lastModified": "2024-11-21T02:57:48.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T06:59:00.497",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94662"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-14 21:17
Modified
2024-11-21 00:30
Severity ?
Summary
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576 | Broken Link | |
| secure@microsoft.com | http://secunia.com/advisories/26447 | Vendor Advisory | |
| secure@microsoft.com | http://www.kb.cert.org/vuls/id/361968 | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | http://www.securityfocus.com/archive/1/476527/100/0/threaded | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securityfocus.com/archive/1/476747/100/0/threaded | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securityfocus.com/bid/25301 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id?1018559 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2007/2866 | Vendor Advisory | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-07-048/ | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-042 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2069 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26447 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/361968 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/476527/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/476747/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25301 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018559 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2866 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-07-048/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-042 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2069 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | xml_core_services | 3.0 | |
| microsoft | xml_core_services | 4.0 | |
| microsoft | xml_core_services | 6.0 | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2003 | - | |
| microsoft | windows_server_2003 | - | |
| microsoft | windows_server_2003 | - | |
| microsoft | windows_vista | - | |
| microsoft | windows_vista | - | |
| microsoft | windows_vista | - | |
| microsoft | windows_vista | - | |
| microsoft | windows_xp | - | |
| microsoft | windows_xp | - | |
| microsoft | windows_xp | - | |
| microsoft | windows_xp | - | |
| microsoft | xml_core_services | 4.0 | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | xml_core_services | 5.0 | |
| microsoft | expression_web | * | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_groove_server | 2007 | |
| microsoft | office_sharepoint_server | * | |
| microsoft | word_viewer | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73052210-0B42-46AA-9F28-AAE3E9B6DE87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B9BE3-6F83-469E-834F-3E00CFECD8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4170FCB7-274C-4318-B7A1-8F18DE604A2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "43D64F8D-975A-4A5B-BEDF-D27D65C96A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "72CC2D03-538A-4603-B4FF-C6930F9D7E20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:x64:*:*:*:*:*",
"matchCriteriaId": "5E8F1EE5-90F9-48A4-844B-72DDD5F87EF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:x86:*:*:*:*:*",
"matchCriteriaId": "30A0CBBE-137A-4A5F-92DE-36A2FADE9B82",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:gold:*:*:*:*:x64:*",
"matchCriteriaId": "64D983E0-7733-4D63-B680-0AABE30D074D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "7211B5C5-6B6E-4A33-88BC-1D64CD684204",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:professional:*:x64:*",
"matchCriteriaId": "18420EC8-633E-4AED-B33F-5A3C673C396D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
"matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B9BE3-6F83-469E-834F-3E00CFECD8E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:itanium:*",
"matchCriteriaId": "ED5ADA49-C463-4C85-B9BD-CFEE57417066",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B91A0AA-44C0-4ED8-A7AC-54C9C83FFEFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
"matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD275E8-EC75-4DDA-8A29-349EF918B709",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove_server:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC8AD6C-77B6-4EE4-8382-D1C0BEC0F2C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72351338-BB11-4767-B893-9E237F3A5C49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow."
},
{
"lang": "es",
"value": "Microsoft XML Core Services (MSXML) versi\u00f3n 3.0 hasta 6.0 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio del m\u00e9todo substringData en un objeto (1) TextNode o (2) XMLDOM, lo que provoca un desbordamiento de enteros que conduce a un desbordamiento de b\u00fafer."
}
],
"id": "CVE-2007-2223",
"lastModified": "2024-11-21T00:30:13.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-08-14T21:17:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26447"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/361968"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476527/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476747/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25301"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018559"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2866"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-048/"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-042"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/361968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476527/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/476747/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-048/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2069"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-08 20:30
Modified
2024-11-21 01:13
Severity ?
Summary
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://osvdb.org/65233 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-159B.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7240 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/65233 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-159B.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7240 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | open_xml_file_format_converter | * | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E8A9B86A-21B8-4E2F-9DB8-1D1DFE718A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69286E7D-BA6E-479F-A9B3-2B9F54663847",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka \"Excel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-1247 and CVE-2010-1249."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 y SP2; Office 2004 para mac; Office 2008 para Mac; Open XML File Format Converter para Mac; Office Excel Viewer SP1 y SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2; permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero Excel manipulado, conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria Excel\", una vulnerabilidad diferente que CVE-2010-1247 y CVE-2010-1249."
}
],
"id": "CVE-2010-0823",
"lastModified": "2024-11-21T01:13:01.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-08T20:30:02.023",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/65233"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/65233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7240"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-12 01:29
Modified
2024-11-21 03:59
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/103616 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040652 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103616 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040652 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "0390EFCA-87B4-42D6-817A-603765F49816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software de Microsoft Excel cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Esto afecta a Microsoft Excel y Microsoft Office El ID de este CVE es diferente de CVE-2018-0920, CVE-2018-1011 y CVE-2018-1029."
}
],
"id": "CVE-2018-1027",
"lastModified": "2024-11-21T03:59:01.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-12T01:29:10.127",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103616"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040652"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-14 21:59
Modified
2024-11-21 02:27
Severity ?
Summary
Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Microsoft Excel DLL Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1032899 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032899 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_viewer | 2007 | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka \"Microsoft Excel DLL Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de b\u00fasqueda no fiable de ruta en Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, y Office Compatibility Pack SP3 que permite a usuarios locales escalar privilegios, a trav\u00e9s de un troyano DLL, en el directorio de trabajo actual, tambi\u00e9n conocida como \u201cVulnerabilidad de Ejecuci\u00f3n de c\u00f3digo Remota DLL en Microsoft Excel.\u201d"
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/426.html\"\u003eCWE-426: Untrusted Search Path\u003c/a\u003e",
"id": "CVE-2015-2378",
"lastModified": "2024-11-21T02:27:18.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-14T21:59:12.893",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-12 00:29
Modified
2024-11-21 04:14
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106100 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106100 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*",
"matchCriteriaId": "40961B9E-80B6-42E0-A876-58B3CE056E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77A7422A-2507-413A-943B-534BB891543B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Excel cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Esto afecta a Office 365 ProPlus, Microsoft Office y Microsoft Excel. El ID de este CVE es diferente de CVE-2018-8636."
}
],
"id": "CVE-2018-8597",
"lastModified": "2024-11-21T04:14:06.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-12T00:29:00.763",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106100"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-10 01:59
Modified
2024-11-21 02:26
Severity ?
Summary
Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/75015 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1032523 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75015 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032523 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la corrupci\u00f3n de memoria de Microsoft Office.\u0027"
}
],
"id": "CVE-2015-1760",
"lastModified": "2024-11-21T02:26:04.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-06-10T01:59:32.263",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/75015"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1032523"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-11 03:01
Modified
2024-11-21 02:22
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/62808 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/72463 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1031720 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012 | ||
| secure@microsoft.com | https://www.exploit-db.com/exploits/37967/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/62808 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72463 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031720 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/37967/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | web_applications | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word_automation_services | - | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | sharepoint_server | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:web_applications:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AC93E283-E88A-41F1-90B6-CD256FF02F11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC865581-3650-4DC4-9138-C2F71AA3B850",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Office Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services en SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remoto de Office.\u0027"
}
],
"id": "CVE-2015-0064",
"lastModified": "2024-11-21T02:22:18.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-11T03:01:07.200",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/62808"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/72463"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1031720"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
},
{
"source": "secure@microsoft.com",
"url": "https://www.exploit-db.com/exploits/37967/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/37967/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-10 22:30
Modified
2024-11-21 01:11
Severity ?
Summary
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1023698 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7862 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7862 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E8A9B86A-21B8-4E2F-9DB8-1D1DFE718A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69286E7D-BA6E-479F-A9B3-2B9F54663847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which \"a MDXTUPLE record is broken up into several records,\" aka \"Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en Microsoft Office Excel 2007 SP1 y SP2; Office Excel Viewer SP1 y SP2; y Pack de Compatibilidad de Office para Word, Excel y PowerPoint 2007 Formatos de Fichero SP1 y SP2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja Excel manipulada. Tambi\u00e9n se conoce como \"Vulnerabilidad de desbordamiento de b\u00fafer basado en memoria de Microsoft Office Excel MDXTUPLE\""
}
],
"id": "CVE-2010-0260",
"lastModified": "2024-11-21T01:11:51.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-10T22:30:01.107",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7862"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-22 23:29
Modified
2024-11-21 03:39
Severity ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102749 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102749 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2018-0805, CVE-2018-0806 y CVE-2018-0807."
}
],
"id": "CVE-2018-0862",
"lastModified": "2024-11-21T03:39:06.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-22T23:29:00.507",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102749"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3363.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1036785 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036785 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3363."
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability,\" una vulnerabilidad diferente a CVE-2016-3363."
}
],
"id": "CVE-2016-3381",
"lastModified": "2024-11-21T02:49:53.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-14T10:59:54.783",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-14 20:59
Modified
2024-11-21 02:25
Severity ?
Summary
Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1032104 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032104 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2007 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en Microsoft Word 2007 SP3, Word Viewer, y Office Compatibility Pack SP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento de Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad del uso despu\u00e9s de liberaci\u00f3n en componentes de Microsoft Office.\u0027"
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2015-1651",
"lastModified": "2024-11-21T02:25:51.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-04-14T20:59:13.407",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1032104"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-11 12:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034122 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034122 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3 y Word Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"id": "CVE-2015-6092",
"lastModified": "2024-11-21T02:34:26.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-11-11T12:59:31.757",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-08 23:55
Modified
2024-11-21 02:04
Severity ?
Summary
Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.kb.cert.org/vuls/id/882841 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/882841 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office File Format Converter Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3 y 2010 SP1 y SP2, y Office Compatibility Pack SP3, asigna memoria incorrectamente para conversiones de archivo de un formato binario (tambi\u00e9n conocido como .doc) a un formato m\u00e1s nuevo, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de Convertidor de Formato de Archivos de Microsoft Office.\""
}
],
"id": "CVE-2014-1757",
"lastModified": "2024-11-21T02:04:58.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-08T23:55:06.540",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.kb.cert.org/vuls/id/882841"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kb.cert.org/vuls/id/882841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-14 21:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1032899 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032899 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_viewer | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | powerpoint | 2007 | |
| microsoft | powerpoint | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | - |
{
"cisaActionDue": "2022-03-24",
"cisaExploitAdd": "2022-03-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft PowerPoint Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:*:*:*:macos:*:*",
"matchCriteriaId": "BCB90D64-B7B2-4301-91E3-A113569371F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:-:*:*:*",
"matchCriteriaId": "552E1557-D6FA-45DD-9B52-E13ACDBB8A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2E98C5-71A4-4014-AFC4-5438FEC196D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC45CB0-6C84-46D3-B16D-170D46822E54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1 y PowerPoint 2013 RT SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicios mediante un documento Office manipulado, tambi\u00e9n conocida como \u0027Vulnerabilidad de corrupci\u00f3n de Memoria en Microsoft Office\u0027."
}
],
"id": "CVE-2015-2424",
"lastModified": "2024-11-21T02:27:22.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-07-14T21:59:35.987",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-09 00:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1033488 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | ||
| secure@microsoft.com | https://www.exploit-db.com/exploits/38215/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033488 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/38215/ |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2011:*:*:*:*:mac:*:*",
"matchCriteriaId": "47108A2F-40F7-445C-BEBE-AB4D5096E297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:mac:*:*",
"matchCriteriaId": "7A68508F-0AC6-4242-927A-A0AA44B48C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad en Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel para Mac 2011 y 2016, Office Compatibility Pack SP3 y Excel Viewer, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability.\u0027"
}
],
"id": "CVE-2015-2520",
"lastModified": "2024-11-21T02:27:32.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-09-09T00:59:32.363",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1033488"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
},
{
"source": "secure@microsoft.com",
"url": "https://www.exploit-db.com/exploits/38215/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/38215/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/96745 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038010 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96745 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038010 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052."
},
{
"lang": "es",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016 y Word Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031 y CVE-2017-0052."
}
],
"id": "CVE-2017-0053",
"lastModified": "2024-11-21T03:02:14.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-17T00:59:01.400",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96745"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-09 00:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1033488 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | ||
| secure@microsoft.com | https://www.exploit-db.com/exploits/38214/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033488 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/38214/ |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2011:*:*:*:*:mac:*:*",
"matchCriteriaId": "47108A2F-40F7-445C-BEBE-AB4D5096E297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:mac:*:*",
"matchCriteriaId": "7A68508F-0AC6-4242-927A-A0AA44B48C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad en Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel para Mac 2011 y 2016, Office Compatibility Pack SP3 y Excel Viewer, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability.\u0027"
}
],
"id": "CVE-2015-2523",
"lastModified": "2024-11-21T02:27:32.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-09-09T00:59:35.270",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1033488"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
},
{
"source": "secure@microsoft.com",
"url": "https://www.exploit-db.com/exploits/38214/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/38214/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-10 11:59
Modified
2024-11-21 02:41
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034976 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016 y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0056",
"lastModified": "2024-11-21T02:41:00.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-10T11:59:20.753",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-09 00:55
Modified
2024-11-21 01:37
Severity ?
Summary
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/49112 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/53379 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1027041 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | ||
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/75119 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49112 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53379 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027041 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-129A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/75119 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96EBA20F-201E-43AA-9F83-B73FB31696C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "3FCF826B-7041-4304-95B4-5781334E9144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 y 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente la memoria durante la apertura de archivos, permitiendo a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una hoja de c\u00e1lculo manipulada, tambi\u00e9n conocido como \"Error de An\u00e1lisis de Registros de Excel podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo.\""
}
],
"id": "CVE-2012-1847",
"lastModified": "2024-11-21T01:37:54.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-09T00:55:01.977",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/49112"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/53379"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75119"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-11 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/59867 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/70961 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1031189 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59867 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70961 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031189 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | office_word_viewer | * | |
| microsoft | word | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Double Delete Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Word Viewer, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto de eliminaci\u00f3n doble de Microsoft Office.\u0027"
}
],
"id": "CVE-2014-6333",
"lastModified": "2024-11-21T02:14:11.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-11-11T22:55:05.247",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/59867"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/70961"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1031189"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-14 21:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1032899 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032899 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel_viewer | 2007 | |
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_designer | 2010 | |
| microsoft | sharepoint_designer | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:*:*:*:mac:*:*",
"matchCriteriaId": "AA77823A-1112-49BE-A140-790E8816DAEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C3E93E7B-E61E-4755-8AE8-C333E6144655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "511A4ED3-E85C-4C95-B128-841220D1F79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "304608B5-63CB-4F95-9C5B-2D5EFA83BC36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office para Mac 2011, Visor Excel 2007 SP3, Paquete de Compatibilidad Office SP3, Servicios Excel en Servidor SharePoint 2007 SP3, Servicios Excel en Servidor SharePoint 2010 SP2 y Servicios Excel en Servidor SharePoint 2013 SP1 permiten a atacantes remotos la ejecuci\u00f3n de c\u00f3digo arbitrario o provocar denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) v\u00eda documento de Office modificado, tambi\u00e9n conocida como \u0027Vulnerabilidad de corrupci\u00f3n de Memoria en Microsoft Office\u0027."
}
],
"id": "CVE-2015-2376",
"lastModified": "2024-11-21T02:27:18.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-14T21:59:11.250",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:49
Severity ?
Summary
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333 | Exploit | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543 | Vendor Advisory | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_portal_server | 2003 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 2.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96EBA20F-201E-43AA-9F83-B73FB31696C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*",
"matchCriteriaId": "3C4CFF7E-7170-4A6B-9A59-9815EE896C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "0390EFCA-87B4-42D6-817A-603765F49816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:x64:*",
"matchCriteriaId": "08795370-2A25-4F0D-970D-9B087F980BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:x86:*:*",
"matchCriteriaId": "78F27907-6FAB-4A9D-B100-B3D170520A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0C86EA4A-7108-4A3A-A447-19CB3CA76B08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0C86EA4A-7108-4A3A-A447-19CB3CA76B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "D133FB73-C7F6-481C-B050-C242C771ED21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "858F70F4-3128-477D-ACAA-73F0AFA23A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55C05DB1-03DC-454B-85E5-715938F0E13E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft SharePoint Server 2007 SP3, 2010 SP1 y SP2, y 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office para Mac 2011; Excel Viewer; y Office Compatibility Pack SP3 permiten a un atacante remoto ejecutar c\u00f3digo a discrecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria), a trav\u00e9s de un documento Office manipulado, tambien conocida como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en Microsoft Office\"."
}
],
"id": "CVE-2013-1315",
"lastModified": "2024-11-21T01:49:20.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.027",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/92796 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1036785 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92796 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036785 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | powerpoint | 2007 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint_for_mac | 2016 | |
| microsoft | powerpoint_viewer | * | |
| microsoft | sharepoint_designer | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2E98C5-71A4-4014-AFC4-5438FEC196D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "36A1FA52-BFBD-4C88-9CBE-B68E55C75726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E8183EF0-6363-4372-ABCB-03463EC5FDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA10B8A2-2F13-4FAA-A4E2-D615E44AD020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "304608B5-63CB-4F95-9C5B-2D5EFA83BC36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 para Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-3360",
"lastModified": "2024-11-21T02:49:51.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-14T10:59:34.373",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/92796"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-13 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100751 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100751 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_viewer | 2007 | |
| microsoft | excel_web_app | 2013 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_online_server | * | |
| microsoft | office_web_apps | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "0390EFCA-87B4-42D6-817A-603765F49816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_web_app:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BCFAB1AB-D9E4-4845-A9CA-29D757B41D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6404DAF-34CC-47A0-B711-87EAC662FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "93566DC7-8B2D-4EB6-B701-15885F3AEA1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3 y Office Online Server cuando no se gestionan correctamente los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-8630, CVE-2017-8632, y CVE-2017-8744."
}
],
"id": "CVE-2017-8631",
"lastModified": "2024-11-21T03:34:23.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-13T01:29:09.660",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100751"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-10 22:30
Modified
2024-11-21 01:11
Severity ?
Summary
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id?1023698 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7888 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-068A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7888 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E8A9B86A-21B8-4E2F-9DB8-1D1DFE718A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69286E7D-BA6E-479F-A9B3-2B9F54663847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Excel 2002 SP3, Office 2004 y 2008 para Mac y el Conversor de Formatos de Ficheros Open XML -Open XML File Format Converter- para Mac, no analizan adecuadamente los formatos de fichero Excel, esto permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja manipulada. Tambi\u00e9n se conoce como \"Vulnerabilidad de an\u00e1lisis de documento en Microsoft Office Excel DbOrParamQry\""
}
],
"id": "CVE-2010-0264",
"lastModified": "2024-11-21T01:11:51.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-10T22:30:01.230",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7888"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94020 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1037246 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| secure@microsoft.com | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94020 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037246 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B12493-4287-4AAD-9A18-D3FC3FCBE172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2010 SP2, Word Automation Services en SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7234",
"lastModified": "2024-11-21T02:57:45.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:47.363",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/94020"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "secure@microsoft.com",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94721 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94721 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3 y Excel Services en SharePoint Server 2010 SP2 permiten a atacantes remotos obtener informaci\u00f3n sensible desde la memoria de proceso o provocar una denegaci\u00f3n de servicio (lectura fuera de r\u00e1ngo) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2016-7265",
"lastModified": "2024-11-21T02:57:48.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T06:59:00.467",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94721"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-10 11:59
Modified
2024-11-21 02:40
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0022.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034975 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1034976 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034975 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0022."
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services en SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1 y SharePoint Server 2013 SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability,\" una vulnerabilidad diferente a CVE-2016-0022."
}
],
"id": "CVE-2016-0052",
"lastModified": "2024-11-21T02:40:59.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-10T11:59:16.487",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034975"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/96051 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038010 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96051 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038010 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053."
},
{
"lang": "es",
"value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2 y Word Automation Services en SharePoint Server 2010 SP2 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052 y CVE-2017-0053."
}
],
"id": "CVE-2017-0030",
"lastModified": "2024-11-21T03:02:12.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-17T00:59:00.900",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96051"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-15 12:26
Modified
2024-11-21 01:27
Severity ?
Summary
Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "586E6C37-346C-40BA-AC89-2CEB8C44E190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "48EB5C93-55BF-4608-A9DC-EDD8DE15EE44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Out of Bounds Array Indexing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 Service Pack 2; Excel en Office 2007 SP2, Excel Viewer SP2, Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, y Servicios de Excel en Office SharePoint Server 2007 SP2 no validan correctamente el signo de un \u00edndice no especificado de una matriz, lo que permite ejecutar c\u00f3digo de su elecci\u00f3n a atacantes remotos a trav\u00e9s de una hoja de c\u00e1lculo debidamente modificada. Es un problema tambi\u00e9n conocido como \"Vulnerabilidad de indexaci\u00f3n de matrices fuera de l\u00edmites\"."
}
],
"id": "CVE-2011-1990",
"lastModified": "2024-11-21T01:27:26.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-15T12:26:48.977",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/93993 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037246 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93993 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037246 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 para Mac y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7213",
"lastModified": "2024-11-21T02:57:42.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:26.420",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93993"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102372 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102372 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability\"."
},
{
"lang": "es",
"value": "Microsoft Excel en Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permiten una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\"."
}
],
"id": "CVE-2018-0796",
"lastModified": "2024-11-21T03:38:58.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.633",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102372"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-10 13:29
Modified
2024-11-21 04:13
Severity ?
Summary
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105453 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041823 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105453 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041823 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_viewer | 2007 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_word_viewer | - | |
| microsoft | powerpoint_viewer | 2007 | |
| microsoft | windows_server_2008 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "2D744C6F-DEFB-4EC5-B635-2EE7DC7C07F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el componente Windows Graphics de Microsoft gestiona los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Graphics Components Information Disclosure Vulnerability\". Esto afecta a Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer y Microsoft Excel Viewer."
}
],
"id": "CVE-2018-8427",
"lastModified": "2024-11-21T04:13:48.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-10T13:29:02.167",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105453"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-16 20:55
Modified
2024-11-21 01:25
Severity ?
Summary
Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka "Excel Buffer Overrun Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://osvdb.org/72924 | ||
| secure@microsoft.com | http://securityreason.com/securityalert/8330 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/72924 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8330 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka \"Excel Buffer Overrun Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en Microsoft Excel 2002 SP3, 2003 SP3 y SP2 2007, Office 2004 y 2008 para Mac, Open XML Format Converter para Mac, Excel Viewer Service Pack 2, y el paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n mediante a trav\u00e9s de una hoja de c\u00e1lculo Excel manipulada,ralacionado con la validaci\u00f3n incorrecta de la informaci\u00f3n almacenada tambien conocida como \"Vulnerabilidad de saturaci\u00f3n de b\u00fafer en Excel\"."
}
],
"id": "CVE-2011-1276",
"lastModified": "2024-11-21T01:25:58.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-16T20:55:02.213",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/72924"
},
{
"source": "secure@microsoft.com",
"url": "http://securityreason.com/securityalert/8330"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/72924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94005 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1037246 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| secure@microsoft.com | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1231 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94005 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037246 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1231 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_for_mac | 2011 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B12493-4287-4AAD-9A18-D3FC3FCBE172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word para Mac 2011 y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-7232",
"lastModified": "2024-11-21T02:57:44.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T06:59:45.330",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/94005"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "secure@microsoft.com",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1231"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-09 18:09
Modified
2024-11-21 01:46
Severity ?
Summary
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA13-008A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16429 | ||
| secure@microsoft.com | https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA13-008A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16429 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | xml_core_services | 3.0 | |
| microsoft | xml_core_services | 4.0 | |
| microsoft | xml_core_services | 6.0 | |
| microsoft | windows_7 | - | |
| microsoft | windows_7 | - | |
| microsoft | windows_8 | - | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | - | |
| microsoft | xml_core_services | 4.0 | |
| microsoft | xml_core_services | 6.0 | |
| microsoft | windows_7 | - | |
| microsoft | windows_rt | - | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | xml_core_services | 5.0 | |
| microsoft | expression_web | * | |
| microsoft | expression_web | 2 | |
| microsoft | groove_server | 2007 | |
| microsoft | groove_server | 2007 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73052210-0B42-46AA-9F28-AAE3E9B6DE87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B9BE3-6F83-469E-834F-3E00CFECD8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4170FCB7-274C-4318-B7A1-8F18DE604A2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*",
"matchCriteriaId": "DE8E7D74-0DCB-4633-B502-EDC2112229BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:-:x64:*:*:*:*:*",
"matchCriteriaId": "17734480-66E4-488E-87A6-852CA3E4E014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B9BE3-6F83-469E-834F-3E00CFECD8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4170FCB7-274C-4318-B7A1-8F18DE604A2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC7A32C-4A4A-4533-B42E-350E728ADFEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "32C28EC2-8A34-4E30-A76A-86921D7332C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B91A0AA-44C0-4ED8-A7AC-54C9C83FFEFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CE0C80DA-FA6F-42A5-8A81-E1DBF8A6117E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:groove_server:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8D61B21F-E1A1-421A-BA3E-5D0D294A4325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:groove_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "11874823-F6B3-4948-9A7B-FA903EF31005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9C24FB09-DBAD-4F62-BBD6-B81B9EC83D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka \"MSXML Integer Truncation Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft XML Core Services (tambi\u00e9n conocido como MSXML) v3.0, v5.0 y v6.0 no analiza correctamente el contenido XML, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una p\u00e1gina web dise\u00f1ada, tambi\u00e9n conocido como \"MSXML Integer Truncation Vulnerability.\""
}
],
"id": "CVE-2013-0006",
"lastModified": "2024-11-21T01:46:46.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-09T18:09:40.163",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16429"
},
{
"source": "secure@microsoft.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3381.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/92801 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1036785 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| secure@microsoft.com | https://medium.com/%40steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92801 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036785 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/%40steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3381."
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\", una vulnerabilidad diferente a CVE-2016-3381."
}
],
"id": "CVE-2016-3363",
"lastModified": "2024-11-21T02:49:51.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-14T10:59:37.513",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92801"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "secure@microsoft.com",
"url": "https://medium.com/%40steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-11 00:59
Modified
2024-11-21 02:14
Severity ?
Summary
Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Invalid Index Remote Code Execution Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Invalid Index Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Error en el indice del array en Microsoft Word 2007 SP3, Word 2010 SP2, y Office Compatibility Pack SP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remoto en indice inv\u00e1lido.\u0027"
}
],
"id": "CVE-2014-6356",
"lastModified": "2024-11-21T02:14:14.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-11T00:59:09.300",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-14 21:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1032899 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032899 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*",
"matchCriteriaId": "3C4CFF7E-7170-4A6B-9A59-9815EE896C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u201cVulnerabilidad de corrupci\u00f3n de Memoria en Microsoft Office.\u201d"
}
],
"id": "CVE-2015-2415",
"lastModified": "2024-11-21T02:27:21.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-14T21:59:32.500",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102457 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102457 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este CVE es diferente de CVE-2018-0805, CVE-2018-0806 y CVE-2018-0807."
}
],
"id": "CVE-2018-0804",
"lastModified": "2024-11-21T03:38:59.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.867",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102457"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-09 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034324 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034324 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:x86:*:*",
"matchCriteriaId": "D75C97F9-8912-4FC3-8C93-F4E3F20B60FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel para Mac 2011, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"id": "CVE-2015-6122",
"lastModified": "2024-11-21T02:34:28.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-12-09T11:59:08.440",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-14 00:55
Modified
2024-11-21 01:39
Severity ?
Summary
Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/56431 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1027752 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-318A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56431 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027752 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-318A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "84CD3A20-1082-4685-98B0-3492228F869E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp1:x86:*:*:*:*:*",
"matchCriteriaId": "A66E94C7-8F97-4B64-83AC-BE0F7C2F5953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AED6C159-CD2C-436B-99BC-00E79A685D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Stack Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en pila en Microsoft Excel 2007 SP2 y SP3 y Server 2010 SP1, Office 2011 para Mac, Excel Viewer y Office Compatibility Pack SP2 y SP3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo hecha a mano. Se trata de un problema tambi\u00e9n conocido como \"vulnerabilidad de desbordamiento pila en Excel\".\r\n"
}
],
"id": "CVE-2012-2543",
"lastModified": "2024-11-21T01:39:12.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-11-14T00:55:01.623",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/56431"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1027752"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-16 20:55
Modified
2024-11-21 01:25
Severity ?
Summary
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Improper Record Parsing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://osvdb.org/72921 | ||
| secure@microsoft.com | http://secunia.com/advisories/44931/ | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12354 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/72921 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44931/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12354 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:x32:*:*:*:*:*",
"matchCriteriaId": "51172DC6-4217-44B9-AAA8-82B93FDBFC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:x64:*:*:*:*:*",
"matchCriteriaId": "01CBB518-3740-424F-82AD-DF6036155326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Improper Record Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004, 2008, y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2 no valida adecuadamente informaci\u00f3n gravada durante el parseo de las hojas de c\u00e1lculo en Excel, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de hojas de c\u00e1lculo, tambi\u00e9n conocido como \"Excel Improper Record Parsing Vulnerability.\""
}
],
"id": "CVE-2011-1273",
"lastModified": "2024-11-21T01:25:58.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-16T20:55:02.120",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/72921"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/44931/"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/72921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44931/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12354"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-14 21:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1032899 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032899 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u201cVulnerabilidad de corrupci\u00f3n de Memoria en Microsoft Office.\u201d"
}
],
"id": "CVE-2015-2377",
"lastModified": "2024-11-21T02:27:18.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-14T21:59:12.063",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "E03BB51F-14CE-4FFC-ADCD-15B5B694563B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:x86:*:*",
"matchCriteriaId": "C3ADF60E-8802-4738-A6A6-BF2790225BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849."
},
{
"lang": "es",
"value": "Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambien conocido como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en Word\", una vulnerabilidad diferente a CVE-2013-3847, CVE-2013-3848, y CVE-2013-3849."
}
],
"id": "CVE-2013-3858",
"lastModified": "2024-11-21T01:54:26.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.300",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1036785 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| secure@microsoft.com | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1228 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036785 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1228 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-3359",
"lastModified": "2024-11-21T02:49:51.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-14T10:59:33.437",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "secure@microsoft.com",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1228"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-09 19:29
Modified
2024-11-21 04:13
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104053 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040857 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8148 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104053 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040857 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8148 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE41A84-9FE6-4227-87FA-6D909A6CA161",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Excel cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Esto afecta a Microsoft Excel y Microsoft Office El ID de este CVE es diferente de CVE-2018-8147 y CVE-2018-8162."
}
],
"id": "CVE-2018-8148",
"lastModified": "2024-11-21T04:13:21.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-09T19:29:02.073",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104053"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040857"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-14 20:59
Modified
2024-11-21 02:25
Severity ?
Summary
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1032104 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032104 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, y Office Web Apps Server 2010 SP2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento de Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad del uso despu\u00e9s de liberaci\u00f3n de componentes de Microsoft Office.\u0027"
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2015-1649",
"lastModified": "2024-11-21T02:25:51.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-04-14T20:59:11.767",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1032104"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-09 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034325 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034325 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka \"Microsoft Office RCE Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1 y Office Compatibility Pack SP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje de correo electr\u00f3nico manipulado procesado por Outlook, tambi\u00e9n conocida como \u0027Microsoft Office RCE Vulnerability\u0027."
}
],
"id": "CVE-2015-6172",
"lastModified": "2024-11-21T02:34:34.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-12-09T11:59:53.890",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034325"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:06
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_2000 | * | |
| microsoft | .net_framework | 1.1 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_reporting_services | 2000 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | expression_web | * | |
| microsoft | expression_web | 2 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_groove | 2007 | |
| microsoft | office_groove | 2007 | |
| microsoft | office_powerpoint_viewer | * | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_word_viewer | * | |
| microsoft | project | 2002 | |
| microsoft | visio | 2002 | |
| microsoft | word_viewer | 2003 | |
| microsoft | word_viewer | 2003 | |
| microsoft | works | 8.5 | |
| microsoft | platform_sdk | * | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio_.net | 2003 | |
| microsoft | visual_studio_.net | 2005 | |
| microsoft | forefront_client_security | 1.0 | |
| microsoft | visual_foxpro | 8.0 | |
| microsoft | visual_foxpro | 9.0 | |
| microsoft | windows_2000 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
"matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
"matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
"matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
"matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
"matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
"matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de entero en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una fichero de imagen PNG manipulada, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de entero GDI+ PNG\""
}
],
"id": "CVE-2009-3126",
"lastModified": "2024-11-21T01:06:36.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-14T10:30:01.843",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-09 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034324 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034324 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3 y Excel Viewer permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"id": "CVE-2015-6177",
"lastModified": "2024-11-21T02:34:35.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-12-09T11:59:58.583",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2024-11-21 02:57
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94670 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94670 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_automation_services | - | |
| microsoft | word_for_mac | 2011 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC865581-3650-4DC4-9138-C2F71AA3B850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7291."
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener informaci\u00f3n sensible del proceso de memoria o provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\", una vulnerabilidad diferente a CVE-2016-7291."
}
],
"id": "CVE-2016-7290",
"lastModified": "2024-11-21T02:57:51.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T06:59:01.297",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94670"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-15 12:26
Modified
2024-11-21 01:27
Severity ?
Summary
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Heap Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2003 Service Pack 3 y Service Pack 2 de 2007; Excel en Office 2007 SP2, Office 2004 y 2008 para Mac, Open XML File Format Converter para Mac, Excel Viewer Service Pack 2, y el paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2 File Formats SP2 no analizan correctamente los registros en hojas de c\u00e1lculo Excel, lo que permite a atacantes remotos ejecutar c\u00f3digo de sue elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo debidamente modificada. Es un problema tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria din\u00e1mica de Excel\"."
}
],
"id": "CVE-2011-1988",
"lastModified": "2024-11-21T01:27:26.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-15T12:26:48.897",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-09 14:53
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-288A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18926 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-288A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18926 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Excel Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel Viewer, y Office Compatibility Pack SP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office dise\u00f1ado, tambi\u00e9n conocida como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en Microsoft Excel\"."
}
],
"id": "CVE-2013-3890",
"lastModified": "2024-11-21T01:54:29.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-09T14:53:25.060",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18926"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-11 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/77489 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1034118 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1034122 | ||
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-15-543 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77489 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034118 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034122 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-15-543 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | - | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F8D0B57B-4FDA-40E6-BFD4-58D709D86CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3, Excel Viewer y Excel Services en SharePoint Server 2007 SP3, 2010 SP2 y 2013 SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \u0027Microsoft Office Memory Corruption Vulnerability\u0027."
}
],
"id": "CVE-2015-6038",
"lastModified": "2024-11-21T02:34:20.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-11-11T11:59:20.457",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/77489"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034118"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-543"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-08 20:30
Modified
2024-11-21 01:13
Severity ?
Summary
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/archive/1/511729/100/0/threaded | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-159B.html | US Government Resource | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-10-104 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/511729/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-159B.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-10-104 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2007 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | open_xml_file_format_converter | * | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E8A9B86A-21B8-4E2F-9DB8-1D1DFE718A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69286E7D-BA6E-479F-A9B3-2B9F54663847",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka \"Excel Record Parsing Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0824 and CVE-2010-1245."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 y SP2; Office 2004 para mac; Office 2008 para Mac; Open XML File Format Converter para Mac; Office Excel Viewer SP1 y SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2; permite a atacantse remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero Excel manipulado, conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria en el parseo de registro Excel\", una vulnerabilidad diferente que CVE-2010-0824 y CVE-2010-1245."
}
],
"id": "CVE-2010-0821",
"lastModified": "2024-11-21T01:13:01.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-08T20:30:01.960",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/511729/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-104"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511729/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_2000 | * | |
| microsoft | .net_framework | 1.1 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_reporting_services | 2000 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | expression_web | * | |
| microsoft | expression_web | 2 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_groove | 2007 | |
| microsoft | office_groove | 2007 | |
| microsoft | office_powerpoint_viewer | * | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_word_viewer | * | |
| microsoft | project | 2002 | |
| microsoft | visio | 2002 | |
| microsoft | word_viewer | 2003 | |
| microsoft | word_viewer | 2003 | |
| microsoft | works | 8.5 | |
| microsoft | platform_sdk | * | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio_.net | 2003 | |
| microsoft | visual_studio_.net | 2005 | |
| microsoft | forefront_client_security | 1.0 | |
| microsoft | visual_foxpro | 8.0 | |
| microsoft | visual_foxpro | 9.0 | |
| microsoft | windows_2000 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
"matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
"matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
"matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
"matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
"matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
"matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "GDI+ en Microsoft Office XP SP3 no maneja adecuadamente los objetos mal formados en Office Art Property Tables, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento de Office manipulado que provoca una corrupci\u00f3n de memoria, \"tambi\u00e9n conocida como vulnerabilidad de corrupci\u00f3n de memoria\"."
}
],
"id": "CVE-2009-2528",
"lastModified": "2024-11-21T01:05:05.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-14T10:30:01.703",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-14 17:29
Modified
2024-11-21 03:39
Severity ?
Summary
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/103314 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040511 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103314 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040511 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | office_word_viewer | - | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac:*:*",
"matchCriteriaId": "AE116A39-963D-43E2-A21B-782271C4F63C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "55AA5CC4-AF80-49A2-ACD1-5644AA971044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C0BD17-4324-4DFF-9804-1825C4C182A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A5D3A185-BE57-403E-914E-FDECEC3A477C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8E95D3-C62D-41D2-8B3A-032FEA6B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
},
{
"lang": "es",
"value": "Microsoft Office 2010 SP2, 2013 SP1 y 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 para Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 y Microsoft Word 2016 permiten una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2018-0922",
"lastModified": "2024-11-21T03:39:13.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T17:29:02.980",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103314"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040511"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/96746 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038010 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96746 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038010 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word_automation_services | - | |
| microsoft | word_for_mac | 2011 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC865581-3650-4DC4-9138-C2F71AA3B850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener informaci\u00f3n sensible de la memoria fuera de l\u00edmites a trav\u00e9s de un documento de Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2017-0105",
"lastModified": "2024-11-21T03:02:21.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-17T00:59:02.853",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96746"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-13 04:46
Modified
2024-12-19 20:12
Severity ?
Summary
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://technet.microsoft.com/security/advisory/2719615 | Vendor Advisory | |
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-174A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-192A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://technet.microsoft.com/security/advisory/2719615 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-174A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-192A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | xml_core_services | 3.0 | |
| microsoft | xml_core_services | 4.0 | |
| microsoft | xml_core_services | 6.0 | |
| microsoft | windows_7 | - | |
| microsoft | windows_7 | - | |
| microsoft | windows_8 | - | |
| microsoft | windows_server_2003 | - | |
| microsoft | windows_server_2003 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_vista | - | |
| microsoft | windows_xp | - | |
| microsoft | xml_core_services | 5.0 | |
| microsoft | expression_web | 2 | |
| microsoft | expression_web | sp1 | |
| microsoft | groove | 2007 | |
| microsoft | groove | 2007 | |
| microsoft | groove_server | 2007 | |
| microsoft | groove_server | 2007 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_word_viewer | - | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 |
{
"cisaActionDue": "2022-06-22",
"cisaExploitAdd": "2022-06-08",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft XML Core Services Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73052210-0B42-46AA-9F28-AAE3E9B6DE87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B9BE3-6F83-469E-834F-3E00CFECD8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4170FCB7-274C-4318-B7A1-8F18DE604A2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3527F41-A6ED-437D-9833-458A2C60C2A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B91A0AA-44C0-4ED8-A7AC-54C9C83FFEFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "8038BCE0-23C5-4A73-B4B3-A1143DE9C1A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:groove:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5075B5F5-5018-4DEF-B77D-E75C09CB3DF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:groove:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F73CE423-638E-406F-AD0A-84049B56DA8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:groove_server:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8D61B21F-E1A1-421A-BA3E-5D0D294A4325",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:groove_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "11874823-F6B3-4948-9A7B-FA903EF31005",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "55AA5CC4-AF80-49A2-ACD1-5644AA971044",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9C24FB09-DBAD-4F62-BBD6-B81B9EC83D56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site."
},
{
"lang": "es",
"value": "Microsoft XML Core Services 3.0, 4.0, 5.0, y 6.0 accede a localizaciones de memoria mal formadas, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web modificado."
}
],
"id": "CVE-2012-1889",
"lastModified": "2024-12-19T20:12:36.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-06-13T04:46:46.190",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://technet.microsoft.com/security/advisory/2719615"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-174A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://technet.microsoft.com/security/advisory/2719615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-174A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102459 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102459 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807"
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este CVE es diferente de CVE-2018-0804, CVE-2018-0806 y CVE-2018-0807."
}
],
"id": "CVE-2018-0805",
"lastModified": "2024-11-21T03:38:59.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.900",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102459"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-14 01:29
Modified
2024-11-21 04:14
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105834 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1042134 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8577 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105834 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042134 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8577 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_viewer | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps_server | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:mac_os_x:*:*:*",
"matchCriteriaId": "4CB0AE38-2868-4342-95D1-3CEEACE9AEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Excel cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Esto afecta a Microsoft Office, ffice 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer y Excel. El ID de este CVE es diferente de CVE-2018-8574."
}
],
"id": "CVE-2018-8577",
"lastModified": "2024-11-21T04:14:04.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-14T01:29:01.847",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105834"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042134"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8577"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-12 23:59
Modified
2024-11-21 02:41
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1035524 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1035525 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035524 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035525 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps_server | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "84149DF3-54BA-4738-9386-6C29B4E9448F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0127",
"lastModified": "2024-11-21T02:41:07.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-12T23:59:05.617",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1035524"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1035525"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-16 01:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1036093 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036093 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2 y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento de Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2016-3233",
"lastModified": "2024-11-21T02:49:38.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-16T01:59:35.170",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036093"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-15 03:29
Modified
2024-11-21 03:08
Severity ?
Summary
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/101747 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039783 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101747 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039783 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877 | Issue Tracking, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "98BF87B2-CE8F-4977-9436-9BE5821CF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "0390EFCA-87B4-42D6-817A-603765F49816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "DAD067D0-3EE7-4E65-98FF-95277E98DE85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka \"Microsoft Excel Security Feature Bypass Vulnerability\"."
},
{
"lang": "es",
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3 y Microsoft Excel 2016 para Mac permiten la omisi\u00f3n de una caracter\u00edstica de seguridad debido a que no se impone la configuraci\u00f3n de macros en un documento de Excel. Esto tambi\u00e9n se conoce como \"Microsoft Excel Security Feature Bypass Vulnerability\"."
}
],
"id": "CVE-2017-11877",
"lastModified": "2024-11-21T03:08:40.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-15T03:29:01.763",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101747"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"source": "secure@microsoft.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-11 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/59867 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/70963 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1031189 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59867 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70963 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031189 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | office_word_viewer | * | |
| microsoft | word | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Invalid Pointer Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Word Viewer, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remoto de puntero inv\u00e1lido de Microsoft Office.\u0027"
}
],
"id": "CVE-2014-6335",
"lastModified": "2024-11-21T02:14:11.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-11-11T22:55:05.343",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/59867"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/70963"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1031189"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-22 23:29
Modified
2024-11-21 03:39
Severity ?
Summary
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102747 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0848 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102747 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0848 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
},
{
"lang": "es",
"value": "Equation Editor en Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que se gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2018-0805, CVE-2018-0806 y CVE-2018-0807."
}
],
"id": "CVE-2018-0848",
"lastModified": "2024-11-21T03:39:05.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-22T23:29:00.397",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102747"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0848"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-13 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100741 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039323 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100741 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039323 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | powerpoint | 2007 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint | 2016 | |
| microsoft | powerpoint_viewer | 2010 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2E98C5-71A4-4014-AFC4-5438FEC196D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "36A1FA52-BFBD-4C88-9CBE-B68E55C75726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "8871A04D-4B02-4A8C-BAFC-EB27D23AD346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "B850873B-E635-439C-9720-8BBE59120EE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka \"PowerPoint Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8743."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2 y Microsoft Office Compatibility Pack Service Pack 3 cuando manejan incorrectamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"PowerPoint Remote Code Execution Vulnerability\" El ID de este CVE es distinto a CVE-2017-8743."
}
],
"id": "CVE-2017-8742",
"lastModified": "2024-11-21T03:34:36.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-13T01:29:11.630",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100741"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039323"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-12 23:41
Modified
2024-11-21 00:48
Severity ?
Summary
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://marc.info/?l=bugtraq&m=121915960406986&w=2 | ||
| secure@microsoft.com | http://marc.info/?l=bugtraq&m=121915960406986&w=2 | ||
| secure@microsoft.com | http://secunia.com/advisories/31454 | Vendor Advisory | |
| secure@microsoft.com | http://secunia.com/advisories/31455 | Vendor Advisory | |
| secure@microsoft.com | http://www.securityfocus.com/archive/1/495428/100/0/threaded | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/30640 | ||
| secure@microsoft.com | http://www.securitytracker.com/id?1020672 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA08-225A.html | US Government Resource | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2008/2347 | Vendor Advisory | |
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-08-048/ | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5561 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=121915960406986&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=121915960406986&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31454 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31455 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495428/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30640 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020672 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-225A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2347 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-08-048/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5561 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2000 | |
| microsoft | office | 2003 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
"matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:*:gold:*:*:*:*:*",
"matchCriteriaId": "E438882E-1AAE-477E-B885-D4E95D2AE88A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:*:gold:*:*:*:*:*",
"matchCriteriaId": "DF7E2389-AE34-4DE5-9974-9F9C383C3E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB3D66F-9028-4703-9D6A-629331EEB492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:*:gold:*:*:*:*:*",
"matchCriteriaId": "9F367F96-6ADC-4CB7-9542-2B36479210EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FF147712-EB07-4B2F-AE13-DC8F12CF18BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:*:gold:*:*:*:*:*",
"matchCriteriaId": "3FE322C4-C86D-4BCD-A232-663A626B7D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CF3C2971-447B-4054-86C6-3169B82E525B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the \"Excel Record Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 y SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 Gold y SP3; Office Excel Viewer; Paquete de compatibilidad de Office 2007 Gold y SP1; Office SharePoint Server 2007 Gold y SP1; y Office 2004 y 2008 para Mac no analizan apropiadamente los valores de registro Country al cargar archivos de Excel, lo que permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de Excel creado, tambi\u00e9n se conoce como \"Excel Record Parsing Vulnerability.\""
}
],
"evaluatorComment": "This vulnerability has multiple attack vectors and CIA impact. Please review the following guidance from Microsoft for more information:\r\n\r\nAn attack against a user\u0027s local Excel client can result in remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs or view, change, or delete data; or create new accounts with full user rights.\r\n\r\nAn attack against a Microsoft Office SharePoint Server 2007 site can result in elevation of privilege. An attacker who successfully exploited this vulnerability could gain an elevation of privilege within SharePoint server, as opposed to elevation of privilege within the workstation or server environment. \r\n\r\nIn an attack against a SharePoint site, an attacker would first need an account on the SharePoint site with sufficient rights to upload a specially crafted Excel file and then create a web part using the file on the SharePoint site.\r\n",
"id": "CVE-2008-3006",
"lastModified": "2024-11-21T00:48:13.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-08-12T23:41:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31454"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31455"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/495428/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/30640"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1020672"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2347"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-048/"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495428/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-048/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5561"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_2000 | * | |
| microsoft | .net_framework | 1.1 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_reporting_services | 2000 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | expression_web | * | |
| microsoft | expression_web | 2 | |
| microsoft | office | 2003 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_groove | 2007 | |
| microsoft | office_groove | 2007 | |
| microsoft | office_powerpoint_viewer | * | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_powerpoint_viewer | 2007 | |
| microsoft | office_word_viewer | * | |
| microsoft | project | 2002 | |
| microsoft | visio | 2002 | |
| microsoft | word_viewer | 2003 | |
| microsoft | word_viewer | 2003 | |
| microsoft | works | 8.5 | |
| microsoft | platform_sdk | * | |
| microsoft | report_viewer | 2005 | |
| microsoft | report_viewer | 2008 | |
| microsoft | report_viewer | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio | 2008 | |
| microsoft | visual_studio_.net | 2003 | |
| microsoft | visual_studio_.net | 2005 | |
| microsoft | forefront_client_security | 1.0 | |
| microsoft | visual_foxpro | 8.0 | |
| microsoft | visual_foxpro | 9.0 | |
| microsoft | windows_2000 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
"matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
"matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
"matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
"matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
"matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
"matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
"matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de entero en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web 2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen WMF, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de entero GDI+ WMF\""
}
],
"id": "CVE-2009-2500",
"lastModified": "2024-11-21T01:05:01.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-14T10:30:01.327",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-13 05:59
Modified
2024-11-21 02:40
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034651 | ||
| secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-15-639 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034651 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-15-639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-0035",
"lastModified": "2024-11-21T02:40:58.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-13T05:59:23.593",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1034651"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-15 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98812 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98812 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | onenote | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "DE50A4D0-ABF4-4EB2-AF63-C8D7E9920099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "B850873B-E635-439C-9720-8BBE59120EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Microsoft Office cuando el software no maneja apropiadamente los objetos en la memoria, tambi\u00e9n se conoce como \"Office Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260 y CVE-2017-8506."
}
],
"id": "CVE-2017-8509",
"lastModified": "2024-11-21T03:34:09.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-15T01:29:03.820",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98812"
},
{
"source": "secure@microsoft.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-09 14:53
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-288A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-288A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office | 2013 | |
| microsoft | office_2013_rt | - | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*",
"matchCriteriaId": "3C4CFF7E-7170-4A6B-9A59-9815EE896C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:x64:*",
"matchCriteriaId": "08795370-2A25-4F0D-970D-9B087F980BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:x86:*:*",
"matchCriteriaId": "78F27907-6FAB-4A9D-B100-B3D170520A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "8239CEF1-BD02-4ACE-A0C2-75A9EAA15914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*",
"matchCriteriaId": "8383FADC-9391-4570-AAF9-92A952A4F04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
"matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "E926E35D-02F6-4EA0-83C5-31443D3A0F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2013_rt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D33A5EFD-A587-44CE-B9F2-DBE8EC7C686F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "993E5C5C-4C78-4CDA-BF67-5A35814EF621",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Excel Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Excel 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office para Mac 2011; Excel Viewer; Office Compatibility Pack SP3; y Excel Services y Word Automation Services en SharePoint Server 2013 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de documentos Office manipulados, tambi\u00e9n conocida como \"Vulnerabilidad de corrupci\u00f3n de memoria en Microsoft Excel\"."
}
],
"id": "CVE-2013-3889",
"lastModified": "2024-11-21T01:54:29.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-09T14:53:25.013",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-09 14:53
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-288A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18953 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-288A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18953 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3 y Office Compatibility Pack SP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de documentos Office dise\u00f1ados, tambi\u00e9n conocida como \"Vulnerabilidad de Corrupci\u00f3n de Memoria.\""
}
],
"id": "CVE-2013-3892",
"lastModified": "2024-11-21T01:54:29.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-09T14:53:25.153",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18953"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | sharepoint_server | 2010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858."
},
{
"lang": "es",
"value": "Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permiten a un atacante remoto ejecutar c\u00f3digo a discrecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambien conocida como \"Vulnerbailidad de Corrupci\u00f3n de Memoria\", una vulnerabilidad diferente a CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858."
}
],
"id": "CVE-2013-3848",
"lastModified": "2024-11-21T01:54:24.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-11T14:03:48.220",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-13 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100734 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100734 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF929F6-6551-4358-AFBE-3495E8DC7BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BEA4C-18FE-48D1-86AB-670833528150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "93566DC7-8B2D-4EB6-B701-15885F3AEA1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3 cuando no se gestionan correctamente los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-8630, CVE-2017-8631, y CVE-2017-8744."
}
],
"id": "CVE-2017-8632",
"lastModified": "2024-11-21T03:34:23.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-13T01:29:09.693",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100734"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-13 01:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/91582 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1036274 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91582 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036274 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 | |
| microsoft | word_rt | 2013 | |
| microsoft | word_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "558B8B5E-125A-4370-A6E9-3CB75808D7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3 y Word Viewer permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento de Office manipulado, tambi\u00e9n conocida como \"Microsoft Office Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2016-3280",
"lastModified": "2024-11-21T02:49:43.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-13T01:59:34.550",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/91582"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-15 17:29
Modified
2024-11-21 04:13
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104989 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041463 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104989 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041463 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "0390EFCA-87B4-42D6-817A-603765F49816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "14F42778-339E-4949-A43D-6E74FA9C0F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac:*:*",
"matchCriteriaId": "AE116A39-963D-43E2-A21B-782271C4F63C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software de Microsoft Excel cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Esto afecta a Microsoft Excel Viewer, Microsoft Office y Microsoft Excel. El ID de este CVE es diferente de CVE-2018-8379."
}
],
"id": "CVE-2018-8375",
"lastModified": "2024-11-21T04:13:42.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-15T17:29:06.907",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104989"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041463"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-25 16:30
Modified
2024-11-21 00:59
Severity ?
Summary
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://blogs.zdnet.com/security/?p=2658 | ||
| secure@microsoft.com | http://isc.sans.org/diary.html?storyid=5923 | ||
| secure@microsoft.com | http://securitytracker.com/id?1021744 | ||
| secure@microsoft.com | http://www.microsoft.com/technet/security/advisory/968272.mspx | Vendor Advisory | |
| secure@microsoft.com | http://www.securityfocus.com/bid/33870 | ||
| secure@microsoft.com | http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-104A.html | US Government Resource | |
| secure@microsoft.com | http://www.vupen.com/english/advisories/2009/1023 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 | ||
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/48875 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://blogs.zdnet.com/security/?p=2658 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://isc.sans.org/diary.html?storyid=5923 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1021744 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.microsoft.com/technet/security/advisory/968272.mspx | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/33870 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-104A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1023 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/48875 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2004 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2002 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_excel_viewer | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "CE1A1218-8033-4F3C-B8D7-7D1D61A273E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:gold:*:*:*:*:*:*",
"matchCriteriaId": "D2289060-BDF3-4F45-B256-FE3DBA8181E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
},
{
"lang": "es",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3 y 2007 SP1; Excel Viewer 2003 Gold y SP3; Excel Viewer; Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats SP1; y Excel de Microsoft Office 2004 y 2008 para Mac; permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento Excel manipulado que provoca un intento de acceso a un objeto no v\u00e1lido, tal y como se ha explotado libremente en Febrero 2009 por MDropper.XR."
}
],
"id": "CVE-2009-0238",
"lastModified": "2024-11-21T00:59:24.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-25T16:30:00.343",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://blogs.zdnet.com/security/?p=2658"
},
{
"source": "secure@microsoft.com",
"url": "http://isc.sans.org/diary.html?storyid=5923"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1021744"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/33870"
},
{
"source": "secure@microsoft.com",
"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.zdnet.com/security/?p=2658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.org/diary.html?storyid=5923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}