Vulnerabilites related to microsoft - office_web_apps
Vulnerability from fkie_nvd
Published
2012-10-09 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | groove_server | 2010 | |
| microsoft | infopath | 2007 | |
| microsoft | infopath | 2010 | |
| microsoft | lync | 2010 | |
| microsoft | lync | 2010 | |
| microsoft | office_communicator | 2007 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:groove_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "8B95E5BF-DD0E-4FD4-8462-3E3727B81B56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:infopath:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "5B2097D4-4F29-4B20-982C-248095F881BE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:infopath:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0404648E-DD98-493E-B392-43B47EACFEA2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*", matchCriteriaId: "0F83FB32-9775-418B-99A7-EC1FEA345F26", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*", matchCriteriaId: "EE98CEE9-200B-494A-B645-D14ACB577250", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_communicator:2007:r2:*:*:*:*:*:*", matchCriteriaId: "7234718B-FD5B-4C9E-8D32-E0A9DDDA7619", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "9C24FB09-DBAD-4F62-BBD6-B81B9EC83D56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "F1DEF955-9253-40A1-A6AD-F0E70A629D23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft InfoPath 2007 SP2 y SP3 y 2010 SP1, Communicator 2007 R2, Lync 2010 y 2010 Attendee, SharePoint Server 2007 SP2 y SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, y Office Web Apps 2010 SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una cadena modificada, también conocido como \"HTML Sanitization Vulnerability.\"", }, ], id: "CVE-2012-2520", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-10-09T21:55:02.643", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/55797", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027625", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027626", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027627", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027628", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027629", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/55797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027627", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_automation_services | - | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_viewer | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "0FF929F6-6551-4358-AFBE-3495E8DC7BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*", matchCriteriaId: "A9B12493-4287-4AAD-9A18-D3FC3FCBE172", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*", matchCriteriaId: "CC865581-3650-4DC4-9138-C2F71AA3B850", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*", matchCriteriaId: "7AC45CB0-6C84-46D3-B16D-170D46822E54", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, { lang: "es", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word para Mac 2011, Excel para Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2013 SP1 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener información sensible memoria de proceso o provocar una denegación de servicio cause a denial of service (escritura fuera de límites) a través de un documento Office manipulado, vulnerabilidad también conocida como \"Microsoft Office Information Disclosure Vulnerability\".", }, ], id: "CVE-2016-7233", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-10T06:59:46.300", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/94031", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1037246", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { source: "secure@microsoft.com", url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/94031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-07-13 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_online_server | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 | |
| microsoft | word_rt | 2013 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", matchCriteriaId: "D6404DAF-34CC-47A0-B711-87EAC662FD89", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "A06E1824-01B6-4BAE-9789-B0D3776915B9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "558B8B5E-125A-4370-A6E9-3CB75808D7B3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services en SharePoint Server 2010 SP2, Word Automation Services en SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-3282", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-13T01:59:36.423", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/91589", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036274", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036275", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/91589", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036275", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-11-11 12:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services en SharePoint Server 2010 SP2 y 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como 'Microsoft Office Memory Corruption Vulnerability'.", }, ], id: "CVE-2015-6093", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-11-11T12:59:32.807", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/77491", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1034118", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1034122", }, { source: "secure@microsoft.com", url: "http://www.zerodayinitiative.com/advisories/ZDI-15-539", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/77491", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.zerodayinitiative.com/advisories/ZDI-15-539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-11 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services sobre SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocido como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-0140", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-11T01:59:03.837", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/89953", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1035819", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/89953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035819", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-09 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | groove_server | 2010 | |
| microsoft | infopath | 2010 | |
| microsoft | infopath | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:groove_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "8B95E5BF-DD0E-4FD4-8462-3E3727B81B56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:infopath:2010:sp1:x64:*:*:*:*:*", matchCriteriaId: "5EAAEB2B-37E6-414E-9194-B43590997CAD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:infopath:2010:sp1:x86:*:*:*:*:*", matchCriteriaId: "1770E2C1-A935-4EDF-9F2E-89C08156BB0F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1 y Office Web Apps 2010 SP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una cadena hecha a mano, también conocido como \"HTML Sanitization Vulnerability\".", }, ], id: "CVE-2013-1289", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-04-09T22:55:01.110", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-100A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-100A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB0E226-2343-4C3A-87E4-B3E70138AFE2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en el software Microsoft Excel cuando el software presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-16929, CVE-2020-16930, CVE-2020-16932", }, ], id: "CVE-2020-16931", lastModified: "2024-11-21T05:07:27.067", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:15.257", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931", }, { source: "secure@microsoft.com", tags: [ "Tool Signature", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1255/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Tool Signature", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1255/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-908", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:-:*:*:*", matchCriteriaId: "BF89FEC4-936E-4226-94F9-2BD0CB0CA09F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:-:*:-:*:-:*", matchCriteriaId: "DC9D0A78-9F16-41E0-910E-E93269DB9B30", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota en Microsoft Excel. Este ID de CVE es diferente a CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17129", }, ], id: "CVE-2020-17128", lastModified: "2024-11-21T05:07:52.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:15.153", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.", }, { lang: "es", value: "Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento manipulado, vulnerabilidad también conocida como \"Microsoft Office Memory Corruption Vulnerability\". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052 y CVE-2017-0053.", }, ], id: "CVE-2017-0020", lastModified: "2024-11-21T03:02:11.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-17T00:59:00.617", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96050", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1038010", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.", }, { lang: "es", value: "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2 y Word Automation Services en SharePoint Server 2010 SP2 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento manipulado, vulnerabilidad también conocida como \"Microsoft Office Memory Corruption Vulnerability\". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052 y CVE-2017-0053.", }, ], id: "CVE-2017-0030", lastModified: "2024-11-21T03:02:12.783", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-17T00:59:00.900", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96051", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1038010", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96051", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_portal_server | 2003 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 2.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "94F5E2F8-0D37-4FCC-B55A-9F09C421272C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "96EBA20F-201E-43AA-9F83-B73FB31696C6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*", matchCriteriaId: "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*", matchCriteriaId: "3C4CFF7E-7170-4A6B-9A59-9815EE896C62", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*", matchCriteriaId: "0390EFCA-87B4-42D6-817A-603765F49816", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:x64:*", matchCriteriaId: "08795370-2A25-4F0D-970D-9B087F980BBD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:x86:*:*", matchCriteriaId: "78F27907-6FAB-4A9D-B100-B3D170520A74", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "971EC323-267F-4DAF-BA3B-10A47A9F1ADA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*", matchCriteriaId: "0D84FC39-29AA-4EF2-ACE7-E72635126F2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "D133FB73-C7F6-481C-B050-C242C771ED21", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*", matchCriteriaId: "858F70F4-3128-477D-ACAA-73F0AFA23A2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "55C05DB1-03DC-454B-85E5-715938F0E13E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft SharePoint Server 2007 SP3, 2010 SP1 y SP2, y 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office para Mac 2011; Excel Viewer; y Office Compatibility Pack SP3 permiten a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria), a través de un documento Office manipulado, tambien conocida como \"Vulnerabilidad de Corrupción de Memoria en Microsoft Office\".", }, ], id: "CVE-2013-1315", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-11T14:03:48.027", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073", }, { source: "secure@microsoft.com", tags: [ "Exploit", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333", }, { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543", }, { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "A06E1824-01B6-4BAE-9789-B0D3776915B9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word para Mac 2011, Word 2016 para Mac, Word Viewer, Word Automation Services en SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services en SharePoint Server 2013 SP1, Word Automation Services en SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-3357", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-14T10:59:30.950", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/92786", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036785", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, { source: "secure@microsoft.com", url: "https://www.exploit-db.com/exploits/40406/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92786", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/40406/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94671 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94671 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_automation_services | - | |
| microsoft | word_for_mac | 2011 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*", matchCriteriaId: "CC865581-3650-4DC4-9138-C2F71AA3B850", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7290.", }, { lang: "es", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word para Mac 2011, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener información sensible desde la memoria de proceso o provocar una denegación de servicio (lectura fuera de rango) a través de un documento manipulado, vulnerabilidad también conocida como \"Microsoft Office Information Disclosure Vulnerability\", una vulnerabilidad diferente a CVE-2016-7290.", }, ], id: "CVE-2016-7291", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-20T06:59:01.327", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94671", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037441", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94671", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-12 00:29
Modified
2024-11-21 04:14
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106104 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106104 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_online_server | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint | 2016 | |
| microsoft | powerpoint_viewer | * | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*", matchCriteriaId: "04435803-F25B-4384-8ADD-001E87F5813A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", matchCriteriaId: "CA035812-F35A-43F1-9A8D-EE02201AA10A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", matchCriteriaId: "D6404DAF-34CC-47A0-B711-87EAC662FD89", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9CCB2D72-B779-4772-8F72-7177E3F47A92", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "36A1FA52-BFBD-4C88-9CBE-B68E55C75726", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*", matchCriteriaId: "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "AA10B8A2-2F13-4FAA-A4E2-D615E44AD020", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft PowerPoint cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como \"Microsoft PowerPoint Remote Code Execution Vulnerability\". Esto afecta a Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server y Microsoft SharePoint Server.", }, ], id: "CVE-2018-8628", lastModified: "2024-11-21T04:14:08.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-12T00:29:01.467", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106104", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-12 14:29
Modified
2024-11-21 04:35
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1035.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", matchCriteriaId: "A1A868C4-0A58-4660-9492-1BADD99D8E59", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", matchCriteriaId: "CA035812-F35A-43F1-9A8D-EE02201AA10A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1035.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en el software Microsoft Word, cuando no puede manejar correctamente los objetos en la memoria, también se conoce como \"Microsoft Word Remote Code Execution Vulnerability'. Este ID de CVE es diferente de CVE-2019-1035.", }, ], id: "CVE-2019-1034", lastModified: "2024-11-21T04:35:53.277", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-12T14:29:03.557", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | 1.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_rt | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", matchCriteriaId: "A1A868C4-0A58-4660-9492-1BADD99D8E59", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:mac_os:*:*", matchCriteriaId: "7996347F-FA43-4665-93AF-8FAA8E720D4A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB0E226-2343-4C3A-87E4-B3E70138AFE2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "558B8B5E-125A-4370-A6E9-3CB75808D7B3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en el software de Microsoft Word cuando no puede manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1447, CVE-2020-1448", }, ], id: "CVE-2020-1446", lastModified: "2024-11-21T05:10:34.017", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:19.823", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_rt | 2013 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*", matchCriteriaId: "0D84FC39-29AA-4EF2-ACE7-E72635126F2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:mac:*:*:*:*:*", matchCriteriaId: "447CCA6E-9955-4771-82DD-925380F3C439", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*", matchCriteriaId: "A9B12493-4287-4AAD-9A18-D3FC3FCBE172", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "558B8B5E-125A-4370-A6E9-3CB75808D7B3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.", }, { lang: "es", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office para Mac 2011, Office para Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services en Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016 y Word 2016, permiten una vulnerabilidad de ejecución de código remota cuando el programa no puede manejar inapropiadamente los objetos en la memoria, también se conoce como \"Microsoft Office Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-0264 y CVE-2017-0265.", }, ], id: "CVE-2017-0254", lastModified: "2024-11-21T03:02:37.973", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-12T14:29:04.067", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98101", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1038443", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038443", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-09-15 12:26
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | forms_server | 2007 | |
| microsoft | forms_server | 2007 | |
| microsoft | groove | 2007 | |
| microsoft | groove_data_bridge_server | 2007 | |
| microsoft | groove_management_server | 2007 | |
| microsoft | groove_server | 2010 | |
| microsoft | groove_server | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | sharepoint_workspace | 2010 | |
| microsoft | sharepoint_workspace | 2010 | |
| microsoft | sharepoint_workspace | 2010 | |
| microsoft | sharepoint_workspace | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:forms_server:2007:sp2:x32:*:*:*:*:*", matchCriteriaId: "0C8A6067-88D9-4662-8F79-B7737B6AD910", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:forms_server:2007:sp2:x64:*:*:*:*:*", matchCriteriaId: "99B29AFF-EBDC-4C1B-BDBD-F9A4CA724F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:groove:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "5075B5F5-5018-4DEF-B77D-E75C09CB3DF3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:groove_data_bridge_server:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "BE6FAE49-E7E6-4996-9369-4F56E11DAD96", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:groove_management_server:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "489C0AC9-A6BE-4473-A3FD-35119E8C1FAA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:groove_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "47B43F05-40AE-4D98-8B5D-A06BF10FE337", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:groove_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "8B95E5BF-DD0E-4FD4-8462-3E3727B81B56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*", matchCriteriaId: "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*", matchCriteriaId: "586E6C37-346C-40BA-AC89-2CEB8C44E190", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*", matchCriteriaId: "48EB5C93-55BF-4608-A9DC-EDD8DE15EE44", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*", matchCriteriaId: "CF40F903-0026-4673-89A3-6F889D877E2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*", matchCriteriaId: "376C9A84-74B1-4717-B88E-153ADD7D686D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_workspace:2010:*:x32:*:*:*:*:*", matchCriteriaId: "B111D9E7-03E7-4909-B620-6E656CC3DEB7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_workspace:2010:*:x64:*:*:*:*:*", matchCriteriaId: "B92DB5CC-A9C9-4D6E-859E-A18EB38323AB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_workspace:2010:sp1:x32:*:*:*:*:*", matchCriteriaId: "7AC3C326-F415-4D98-9EB4-13CE30D0C6BE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_workspace:2010:sp1:x64:*:*:*:*:*", matchCriteriaId: "FF58F296-B8C8-4C57-A4B5-357BC4CC4CF6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\"", }, { lang: "es", value: "Microsoft Office Groove 2007 Service Pack 2, SharePoint Workspace 2010 Gold y SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold y SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold y SP1, Windows SharePoint Services 3.0 SP2, Windows SharePoint 2010 y Office Web Aplicaciones 2010 Gold y SP1 no gestionan correctamente las partes web que contienen clases XML que referencian a entidades externas, lo que permite a usuarios remotos autenticados leer ficheros de su elección a través de un archivo XML o XSL debidamente modificados. Es un problema también conocido como \"Vulnerabilidad de revelado de fichero remoto de Sharepoint.\"", }, ], id: "CVE-2011-1892", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-09-15T12:26:48.647", references: [ { source: "secure@microsoft.com", url: "http://securityreason.com/securityalert/8386", }, { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/8386", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "D2A0758C-6499-407F-823A-6F28BE56805E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.", }, { lang: "es", value: "Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permiten a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de un documento Office manipulado, tambien conocida como \"Vulnerbailidad de Corrupción de Memoria\", una vulnerabilidad diferente a CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.", }, ], id: "CVE-2013-3848", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-11T14:03:48.220", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-14 12:29
Modified
2024-11-21 04:13
Severity ?
Summary
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104319 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041104 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104319 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041104 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "C6C0BD17-4324-4DFF-9804-1825C4C182A1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka \"Microsoft Office Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando Office Web Apps Server 2013 y Office Online Server fracasan a la hora de gestionar correctamente peticiones web. Esto también se conoce como \"Microsoft Office Elevation of Privilege Vulnerability\". Esto afecta a Microsoft Office y Microsoft Office Online Server. El ID de este CVE es diferente de CVE-2018-8245.", }, ], id: "CVE-2018-8247", lastModified: "2024-11-21T04:13:29.797", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-14T12:29:02.477", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104319", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041104", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104319", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota en Microsoft Excel. Este ID de CVE es diferente a CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128.", }, ], id: "CVE-2020-17129", lastModified: "2024-11-21T05:07:52.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:15.213", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-15 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98816 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038668 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98816 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038668 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | word_automation_services | - | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "C6C0BD17-4324-4DFF-9804-1825C4C182A1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*", matchCriteriaId: "CC865581-3650-4DC4-9138-C2F71AA3B850", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Office cuando el programa no puede manejar apropiadamente los objetos en la memoria, también se conoce como \"Office Remote Code Execution Vulnerability\". Este ID de CVE es diferente de los CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260 y CVE-2017-8506.", }, ], id: "CVE-2017-8512", lastModified: "2024-11-21T03:34:09.973", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-15T01:29:03.913", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98816", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038668", }, { source: "secure@microsoft.com", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-17 19:15
Modified
2024-11-21 05:10
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:macos:*:*", matchCriteriaId: "8B615D7A-B7F2-44DF-8699-EB8367ADE65C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información cuando Microsoft Word revela inapropiadamente el contenido de su memoria, también se conoce como \"Microsoft Word Information Disclosure Vulnerability\". Este ID de CVE es diferente de CVE-2020-1502, CVE-2020-1503.", }, ], id: "CVE-2020-1583", lastModified: "2024-11-21T05:10:53.783", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-08-17T19:15:21.600", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-15 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98815 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98815 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | powerpoint_for_mac | 2011 | |
| microsoft | powerpoint_for_mac | 2016 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "9932C177-FCBB-4AD1-A42A-1FAB28F392F3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "C6C0BD17-4324-4DFF-9804-1825C4C182A1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "3AD8FD65-5B71-4EDB-938E-C721497D1516", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "E8183EF0-6363-4372-ABCB-03463EC5FDBE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Office cuando el software no maneja apropiadamente los objetos en la memoria, también se conoce como \"Office Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260 y CVE-2017-8506.", }, ], id: "CVE-2017-8511", lastModified: "2024-11-21T03:34:09.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-15T01:29:03.883", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98815", }, { source: "secure@microsoft.com", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98815", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-01-15 16:13
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1029598 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1029599 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029598 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029599 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "993E5C5C-4C78-4CDA-BF67-5A35814EF621", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "D2A0758C-6499-407F-823A-6F28BE56805E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:*:*:*:*:*:*:*", matchCriteriaId: "EC8E95D3-C62D-41D2-8B3A-032FEA6B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Word 2003 Service Pack 3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; cOffice Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2, y Office Web Apps Server 2013 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado, también conocido como \"Vulnerabilidad de corrupcion de memoria Word\"", }, ], id: "CVE-2014-0260", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-01-15T16:13:03.883", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1029598", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1029599", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1029598", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1029599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-10 13:29
Modified
2024-11-21 04:13
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105499 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041840 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105499 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041840 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", matchCriteriaId: "CA035812-F35A-43F1-9A8D-EE02201AA10A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft Word cuando no gestiona correctamente objetos en vista protegida. Esto también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Esto afecta a Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office y Microsoft Word.", }, ], id: "CVE-2018-8504", lastModified: "2024-11-21T04:13:57.930", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-10T13:29:05.087", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105499", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041840", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105499", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041840", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_portal_server | 2003 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 2.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "D133FB73-C7F6-481C-B050-C242C771ED21", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*", matchCriteriaId: "858F70F4-3128-477D-ACAA-73F0AFA23A2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "55C05DB1-03DC-454B-85E5-715938F0E13E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "D2A0758C-6499-407F-823A-6F28BE56805E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.", }, { lang: "es", value: "Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado. Aka \"Word Memory Corruption Vulnerability\", una vulnerabilidad diferente de CVE-2013-3848, CVE-2013-3849, y CVE-2013-3858.", }, ], id: "CVE-2013-3847", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-11T14:03:48.210", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-03-25 13:24
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://technet.microsoft.com/security/advisory/2953095 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://technet.microsoft.com/security/advisory/2953095 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | - |
{ cisaActionDue: "2022-08-15", cisaExploitAdd: "2022-02-15", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft Word Memory Corruption Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2011:*:*:*:*:macos:*:*", matchCriteriaId: "BCB90D64-B7B2-4301-91E3-A113569371F2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "993E5C5C-4C78-4CDA-BF67-5A35814EF621", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "D2A0758C-6499-407F-823A-6F28BE56805E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:*:*:*:-:*:*:*", matchCriteriaId: "E4CD4956-7280-4187-B613-A97B4B32941C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:*:*:*:rt:*:*:*", matchCriteriaId: "3C81544A-00F9-4B20-B679-CFE60D5B23CB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*", matchCriteriaId: "D7A48E44-F01A-40AD-B8AF-8FE368248003", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*", matchCriteriaId: "7AC45CB0-6C84-46D3-B16D-170D46822E54", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.", }, { lang: "es", value: "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013 y 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office para Mac 2011; Word Automation Services en SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2 y Office Web Apps Server 2013 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de datos RTF manipulados, tal y como fue explotado en marzo 2014.", }, ], id: "CVE-2014-1761", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2014-03-25T13:24:01.067", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://technet.microsoft.com/security/advisory/2953095", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://technet.microsoft.com/security/advisory/2953095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-10 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*", matchCriteriaId: "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:*", matchCriteriaId: "CF3C2971-447B-4054-86C6-3169B82E525B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "9C24FB09-DBAD-4F62-BBD6-B81B9EC83D56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka \"SharePoint Search Scope Vulnerability.\"", }, { lang: "es", value: "Microsoft Office SharePoint Server 2007 SP2 y SP3, SharePoint Server 2010 Gold y SP1, y Office Web Apps 2010 Gold y SP1 no comprueba correctamente los permisos para los ámbitos de búsqueda, permitiendo a usuarios remotos autenticados obtener información sensible o causar una denegación de servicio (modificación de datos) al cambiar un parámetro en una URL de búsqueda, también conocido como \"SharePoint Search Scope Vulnerability.\"", }, ], id: "CVE-2012-1860", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-07-10T21:55:05.790", references: [ { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-11 21:15
Modified
2024-11-21 06:45
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Office Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel | 2016 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office | 2021 | |
| microsoft | office | 2021 | |
| microsoft | office | 2021 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", matchCriteriaId: "48B20360-1A85-4A6A-BA03-0B62C97CCB0C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", matchCriteriaId: "E8426C4D-C00D-44C2-B072-9D600C8B9543", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", matchCriteriaId: "CD88F667-6773-4DB7-B6C3-9C7B769C0808", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", matchCriteriaId: "B342EF98-B414-44D0-BAFB-FCA24294EECE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*", matchCriteriaId: "24DD7E07-4BB1-4914-9CDE-5A27A9A3920E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*", matchCriteriaId: "ADA0E394-3B5E-4C34-955B-EAB645A37518", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*", matchCriteriaId: "72324216-4EB3-4243-A007-FEF3133C7DF9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*", matchCriteriaId: "0FBB0E61-7997-4F26-9C07-54912D3F1C10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*", matchCriteriaId: "CF5DDD09-902E-4881-98D0-CB896333B4AA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*", matchCriteriaId: "26A3B226-5D7C-4556-9350-5222DC8EFC2C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*", matchCriteriaId: "1AC0C23F-FC55-4DA1-8527-EB4432038FB0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*", matchCriteriaId: "A719B461-7869-46D0-9300-D0A348DC26A5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:macos:*:*", matchCriteriaId: "0DF36AFA-B48C-4423-AD1C-78EEFF85EF2C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*", matchCriteriaId: "FA51E2C8-321F-454B-A9C1-060885C1F892", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft Office", }, ], id: "CVE-2022-21840", lastModified: "2024-11-21T06:45:32.493", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-11T21:15:09.483", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:*:*:*:*", matchCriteriaId: "EBF47B12-FC83-461C-8F18-A67CBDEFDE62", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB0E226-2343-4C3A-87E4-B3E70138AFE2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en el software Microsoft Excel cuando el software presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-16929, CVE-2020-16930, CVE-2020-16931", }, ], id: "CVE-2020-16932", lastModified: "2024-11-21T05:07:27.203", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:15.307", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932", }, { source: "secure@microsoft.com", tags: [ "Tool Signature", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1253/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Tool Signature", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1253/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-908", }, { lang: "en", value: "CWE-909", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 05:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28453 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-423/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28453 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-423/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*", matchCriteriaId: "D7A48E44-F01A-40AD-B8AF-8FE368248003", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft Word", }, ], id: "CVE-2021-28453", lastModified: "2024-11-21T05:59:42.283", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-04-13T20:15:20.343", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28453", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-423/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-423/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:x64:*", matchCriteriaId: "E03BB51F-14CE-4FFC-ADCD-15B5B694563B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:x86:*:*", matchCriteriaId: "C3ADF60E-8802-4738-A6A6-BF2790225BB0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:x64:*", matchCriteriaId: "00A48B3D-7639-4F74-83CB-79D951458C0A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:x86:*:*", matchCriteriaId: "8A4BC977-9CE3-4E6A-BEBB-0FFBDD975722", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Word Automation Services en SharePoint Server 2010 SP1 y SP2, Word Web App 2010 SP1 y SP2 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 y SP2, Office Compatibility Pack SP3, y Word Viewer permite a atacantes remotos ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado, tambien conocida como \"Vulnerabilidad de Corrupción de Memoria en Word\".", }, ], id: "CVE-2013-3857", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-11T14:03:48.293", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2019:*:*:*:*:-:*:*", matchCriteriaId: "AA21E544-1745-4B4F-8CB0-F4467C53B42B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2019:*:*:*:*:macos:*:*", matchCriteriaId: "D3700A43-268B-4BE2-9D01-FFE468896291", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota en Microsoft Excel. Este ID de CVE es diferente a CVE-2020-17122, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129", }, ], id: "CVE-2020-17123", lastModified: "2024-11-21T05:07:51.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:14.857", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | powerpoint | 2007 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint_for_mac | 2016 | |
| microsoft | powerpoint_viewer | * | |
| microsoft | sharepoint_designer | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "AE2E98C5-71A4-4014-AFC4-5438FEC196D2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9CCB2D72-B779-4772-8F72-7177E3F47A92", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "36A1FA52-BFBD-4C88-9CBE-B68E55C75726", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "E8183EF0-6363-4372-ABCB-03463EC5FDBE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "AA10B8A2-2F13-4FAA-A4E2-D615E44AD020", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "304608B5-63CB-4F95-9C5B-2D5EFA83BC36", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 para Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-3360", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-14T10:59:34.373", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/92796", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036785", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92796", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | office_web_apps | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "D2A0758C-6499-407F-823A-6F28BE56805E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:x64:*", matchCriteriaId: "E03BB51F-14CE-4FFC-ADCD-15B5B694563B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.", }, { lang: "es", value: "Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupcion de memoria) a través de un documento de Office manipulado . Conocido también como \"Vulnerabilidad de Corrupción de Memoria en Word\". Vulnerabilidad diferente a CVE-2013-3847, CVE-2013-3848, y CVE-2013-3858.", }, ], id: "CVE-2013-3849", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-11T14:03:48.227", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-13 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100751 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100751 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_viewer | 2007 | |
| microsoft | excel_web_app | 2013 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_online_server | * | |
| microsoft | office_web_apps | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*", matchCriteriaId: "5A70D659-F648-4870-852A-4E86D1F4B646", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*", matchCriteriaId: "98BF87B2-CE8F-4977-9436-9BE5821CF1B0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*", matchCriteriaId: "0390EFCA-87B4-42D6-817A-603765F49816", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "E4635DA5-27DA-43FF-92AC-A9F80218A2F0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_web_app:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "BCFAB1AB-D9E4-4845-A9CA-29D757B41D8E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", matchCriteriaId: "D6404DAF-34CC-47A0-B711-87EAC662FD89", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:*:*:*:*:*:*:*", matchCriteriaId: "93566DC7-8B2D-4EB6-B701-15885F3AEA1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3 y Office Online Server cuando no se gestionan correctamente los objetos en la memoria. Esto también se conoce como \"Microsoft Office Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-8630, CVE-2017-8632, y CVE-2017-8744.", }, ], id: "CVE-2017-8631", lastModified: "2024-11-21T03:34:23.620", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-13T01:29:09.660", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100751", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039315", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-10-09 14:53
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*", matchCriteriaId: "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "993E5C5C-4C78-4CDA-BF67-5A35814EF621", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka \"Parameter Injection Vulnerability.\"", }, { lang: "es", value: "Microsoft SharePoint Server 2007 SP3 y 2010 SP1 y SP2 permite a atacantes remotos llevar a cabo ataques clickjacking a través de una página web diseñada, también conocida como \"Vulnerabilidad de Inyección de Parámetros\".", }, ], id: "CVE-2013-3895", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-10-09T14:53:25.200", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx", }, { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-288A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18991", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-288A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18991", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-10 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "94F5E2F8-0D37-4FCC-B55A-9F09C421272C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*", matchCriteriaId: "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*", matchCriteriaId: "E28626D8-AF3A-487F-BAAB-3955E44D2A35", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "0FF929F6-6551-4358-AFBE-3495E8DC7BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "0C6BEA4C-18FE-48D1-86AB-670833528150", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "971EC323-267F-4DAF-BA3B-10A47A9F1ADA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "C3E93E7B-E61E-4755-8AE8-C333E6144655", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services en SharePoint Server 2007 SP3, Excel Services en SharePoint Server 2010 SP2, Excel Services en SharePoint Server 2013 SP1 y Office Web Apps 2010 SP2 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-0054", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-10T11:59:18.643", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1034976", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034976", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-15 15:15
Modified
2024-11-21 06:28
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | 365_apps | - | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel | 2016 | |
| microsoft | excel_rt | 2013 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office | 2021 | |
| microsoft | office | 2021 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*", matchCriteriaId: "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*", matchCriteriaId: "CD25F492-9272-4836-832C-8439EBE64CCF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", matchCriteriaId: "48B20360-1A85-4A6A-BA03-0B62C97CCB0C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", matchCriteriaId: "E8426C4D-C00D-44C2-B072-9D600C8B9543", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", matchCriteriaId: "CD88F667-6773-4DB7-B6C3-9C7B769C0808", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", matchCriteriaId: "B342EF98-B414-44D0-BAFB-FCA24294EECE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "27745C7E-94A0-4C2A-8318-684CB85F48D2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*", matchCriteriaId: "CF5DDD09-902E-4881-98D0-CB896333B4AA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*", matchCriteriaId: "26A3B226-5D7C-4556-9350-5222DC8EFC2C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*", matchCriteriaId: "1AC0C23F-FC55-4DA1-8527-EB4432038FB0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*", matchCriteriaId: "A719B461-7869-46D0-9300-D0A348DC26A5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft Excel", }, ], id: "CVE-2021-43256", lastModified: "2024-11-21T06:28:56.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-15T15:15:10.730", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-12 14:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/97417 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97417 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_web_app | 2010 | |
| microsoft | office_online_server | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel_web_app:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "C35FE520-68CD-4EE8-A5D6-3D2E351AE0F2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", matchCriteriaId: "D6404DAF-34CC-47A0-B711-87EAC662FD89", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka \"Microsoft Office XSS Elevation of Privilege Vulnerability.\"", }, { lang: "es", value: "Microsoft Excel Services en Microsoft SharePoint Server 2010 SP1 y SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 y Office Online Server permiten a atacantes remotos llevar a cabo XXS y ejecutar secuencias de comandos con privilegios de usuario local a través de una solicitud manipulada, vulnerabilidad también conocida como \"Microsoft Office XSS Elevation of Privilege Vulnerability\".", }, ], id: "CVE-2017-0195", lastModified: "2024-11-21T03:02:32.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-12T14:59:01.093", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97417", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-11 07:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:-:*:*:*", matchCriteriaId: "BF89FEC4-936E-4226-94F9-2BD0CB0CA09F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Ejecución Remota de Código de Microsoft Excel Este ID de CVE es diferente de CVE-2020-17019, CVE-2020-17064, CVE-2020-17066.", }, ], id: "CVE-2020-17065", lastModified: "2024-11-21T05:07:44.607", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-11-11T07:15:17.530", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17065", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17065", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:52
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Excel. Este ID de CVE es diferente de CVE-2021-24067, CVE-2021-24068, CVE-2021-24069", }, ], id: "CVE-2021-24070", lastModified: "2024-11-21T05:52:17.180", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-02-25T23:15:14.350", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24070", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-16 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*", matchCriteriaId: "69998A67-CB15-4217-8AD6-43F9BA3C6454", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*", matchCriteriaId: "349E9084-8116-43E9-8B19-CA521C96660D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, { lang: "es", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos obtener información sensible de la memoria del proceso a través de un documento de Office manipulado, también conocida como \"Microsoft Office Information Disclosure Vulnerability.\"", }, ], id: "CVE-2016-3234", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-16T01:59:36.107", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036093", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-11 16:15
Modified
2024-11-21 05:57
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-332/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-332/ | Third Party Advisory, VDB Entry |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Excel. Este ID de CVE es diferente de CVE-2021-27054", }, ], id: "CVE-2021-27053", lastModified: "2024-11-21T05:57:15.463", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-03-11T16:15:17.207", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-332/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-332/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102406 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102406 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*", matchCriteriaId: "04435803-F25B-4384-8ADD-001E87F5813A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "C6C0BD17-4324-4DFF-9804-1825C4C182A1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*", matchCriteriaId: "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\".", }, { lang: "es", value: "Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestiona el contenido RTF. Esto también se conoce como \"Microsoft Word Memory Corruption Vulnerability\".", }, ], id: "CVE-2018-0797", lastModified: "2024-11-21T03:38:58.187", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-10T01:29:00.680", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102406", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040153", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102406", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040153", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-13 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100780 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039344 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100780 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039344 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | live_meeting | 2007 | |
| microsoft | lync | 2010 | |
| microsoft | lync | 2010 | |
| microsoft | lync | 2013 | |
| microsoft | office_2007 | - | |
| microsoft | office_2010 | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_word_viewer | - | |
| microsoft | skype_for_business | 2016 | |
| microsoft | windows_7 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*", matchCriteriaId: "A0BB045C-AAC8-42F2-84A9-062630FA14E9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*", matchCriteriaId: "0F83FB32-9775-418B-99A7-EC1FEA345F26", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*", matchCriteriaId: "EE98CEE9-200B-494A-B645-D14ACB577250", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "8B854E18-7CB0-43F7-9EBF-E356FA176B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2007:-:sp3:*:*:*:*:*:*", matchCriteriaId: "8AF1FCE5-BA29-4968-ADE4-0500B50ADDF8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*", matchCriteriaId: "ABC68ECB-4FB5-4702-A16D-77A36A715BA6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*", matchCriteriaId: "C64B2636-8F96-48BA-921F-A8FA0E62DE63", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*", matchCriteriaId: "D499807D-91F3-447D-B9F0-D612898C9339", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", matchCriteriaId: "7519928D-0FF2-4584-8058-4C7764CD5671", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", matchCriteriaId: "0C28897B-044A-447B-AD76-6397F8190177", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", matchCriteriaId: "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\"", }, { lang: "es", value: "El componente Uniscribe de Windows en Microsoft Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 y 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee y Live Meeting 2007 Add-in y Console permite que un atacante ejecute código remotamente mediante una página web, un documento o archivo de correo adjunto especialmente manipulados. Esto también se conoce como \"Microsoft Graphics Component Remote Code Execution\".", }, ], id: "CVE-2017-8696", lastModified: "2024-11-21T03:34:31.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.6, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-13T01:29:10.380", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100780", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039344", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100780", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039344", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2019 | |
| microsoft | office_online_server | 1.0 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_rt | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB0E226-2343-4C3A-87E4-B3E70138AFE2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "558B8B5E-125A-4370-A6E9-3CB75808D7B3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en el software de Microsoft Word cuando no puede manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1446, CVE-2020-1447", }, ], id: "CVE-2020-1448", lastModified: "2024-11-21T05:10:34.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:20.010", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-09 19:29
Modified
2024-11-21 04:13
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104052 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040853 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104052 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040853 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*", matchCriteriaId: "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft Office cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como \"Microsoft Office Remote Code Execution Vulnerability\". Esto afecta a Microsoft Word, Word, Microsoft Office y Microsoft SharePoint. El ID de este CVE es diferente de CVE-2018-8157 y CVE-2018-8158.", }, ], id: "CVE-2018-8161", lastModified: "2024-11-21T04:13:22.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-09T19:29:02.573", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104052", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040853", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040853", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:52
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Excel. Este ID de CVE es diferente de CVE-2021-24068, CVE-2021-24069, CVE-2021-24070", }, ], id: "CVE-2021-24067", lastModified: "2024-11-21T05:52:16.797", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-02-25T23:15:14.180", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24067", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-09 17:15
Modified
2024-11-21 06:47
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Microsoft Excel Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | 365_apps | - | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_long_term_servicing_channel | 2021 | |
| microsoft | office_long_term_servicing_channel | 2021 | |
| microsoft | office_long_term_servicing_channel | 2021 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*", matchCriteriaId: "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*", matchCriteriaId: "CD25F492-9272-4836-832C-8439EBE64CCF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", matchCriteriaId: "48B20360-1A85-4A6A-BA03-0B62C97CCB0C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", matchCriteriaId: "E8426C4D-C00D-44C2-B072-9D600C8B9543", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", matchCriteriaId: "CD88F667-6773-4DB7-B6C3-9C7B769C0808", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", matchCriteriaId: "B342EF98-B414-44D0-BAFB-FCA24294EECE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*", matchCriteriaId: "CF5DDD09-902E-4881-98D0-CB896333B4AA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*", matchCriteriaId: "26A3B226-5D7C-4556-9350-5222DC8EFC2C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*", matchCriteriaId: "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*", matchCriteriaId: "6C9D7C93-E8CB-4A8A-BA15-093B03ACC62F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", matchCriteriaId: "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Information Disclosure Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Divulgación de Información de Microsoft Excel", }, ], id: "CVE-2022-22716", lastModified: "2024-11-21T06:47:18.300", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2022-02-09T17:15:10.170", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22716", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-12-11 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:*:*:*:*:*:*:*", matchCriteriaId: "93566DC7-8B2D-4EB6-B701-15885F3AEA1E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "993E5C5C-4C78-4CDA-BF67-5A35814EF621", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka \"SharePoint Page Content Vulnerabilities.\"", }, { lang: "es", value: "Microsoft SharePoint Server 2010 SP1 y SP2 y 2013, y Office Web Apps 2013, permite a atacantes remotos ejecutar código arbitrario a través de un contenido de página manipulado, también conocido como \"Vulnerabilidades de contenido SharePoint\".", }, ], id: "CVE-2013-5059", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-12-11T00:55:04.303", references: [ { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-100", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota en Microsoft Excel. Este ID de CVE es diferente a CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129", }, ], id: "CVE-2020-17122", lastModified: "2024-11-21T05:07:51.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:14.793", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17122", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-11 16:15
Modified
2024-11-21 05:57
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Office Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-334/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-334/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Office. Este ID de CVE es diferente de CVE-2021-24108, CVE-2021-27059", }, ], id: "CVE-2021-27057", lastModified: "2024-11-21T05:57:15.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-03-11T16:15:17.457", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-334/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-334/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-14 17:29
Modified
2024-11-21 03:39
Severity ?
Summary
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/103311 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040526 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103311 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040526 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*", matchCriteriaId: "04435803-F25B-4384-8ADD-001E87F5813A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*", matchCriteriaId: "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "C6C0BD17-4324-4DFF-9804-1825C4C182A1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka \"Microsoft Office Information Disclosure Vulnerability\".", }, { lang: "es", value: "Microsoft Office 2010 SP2, 2013 SP1 y 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 para Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 y Microsoft Word 2016 permiten una vulnerabilidad de divulgación de información debido a la forma en la que se inicializan las variables. Estot ambién se conoce como \"Microsoft Office Information Disclosure Vulnerability\".", }, ], id: "CVE-2018-0919", lastModified: "2024-11-21T03:39:13.543", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-14T17:29:02.887", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103311", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040526", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103311", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040526", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-908", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-04-14 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*", matchCriteriaId: "69998A67-CB15-4217-8AD6-43F9BA3C6454", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*", matchCriteriaId: "349E9084-8116-43E9-8B19-CA521C96660D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de uso después de liberación en Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, y Office Web Apps Server 2010 SP2 permite a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocido como 'vulnerabilidad del uso después de liberación de componentes de Microsoft Office.'", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", id: "CVE-2015-1649", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-04-14T20:59:11.767", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1032104", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1032104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-14 01:29
Modified
2024-11-21 04:14
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105835 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1042112 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8539 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105835 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042112 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8539 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft Word cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Esto afecta a Microsoft SharePoint Server y Microsoft Office. El ID de este CVE es diferente de CVE-2018-8573.", }, ], id: "CVE-2018-8539", lastModified: "2024-11-21T04:14:00.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-14T01:29:00.770", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105835", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042112", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105835", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042112", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8539", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:52
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Excel. Este ID de CVE es diferente de CVE-2021-24067, CVE-2021-24068, CVE-2021-24070", }, ], id: "CVE-2021-24069", lastModified: "2024-11-21T05:52:17.043", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-02-25T23:15:14.290", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-10-09 14:53
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office | 2013 | |
| microsoft | office_2013_rt | - | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*", matchCriteriaId: "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*", matchCriteriaId: "3C4CFF7E-7170-4A6B-9A59-9815EE896C62", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:x64:*", matchCriteriaId: "08795370-2A25-4F0D-970D-9B087F980BBD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:x86:*:*", matchCriteriaId: "78F27907-6FAB-4A9D-B100-B3D170520A74", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "971EC323-267F-4DAF-BA3B-10A47A9F1ADA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*", matchCriteriaId: "8239CEF1-BD02-4ACE-A0C2-75A9EAA15914", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*", matchCriteriaId: "8383FADC-9391-4570-AAF9-92A952A4F04F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*", matchCriteriaId: "0D84FC39-29AA-4EF2-ACE7-E72635126F2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:*:*:*:*:*:*:*", matchCriteriaId: "E926E35D-02F6-4EA0-83C5-31443D3A0F01", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2013_rt:-:*:*:*:*:*:*:*", matchCriteriaId: "D33A5EFD-A587-44CE-B9F2-DBE8EC7C686F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "993E5C5C-4C78-4CDA-BF67-5A35814EF621", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Excel Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Excel 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office para Mac 2011; Excel Viewer; Office Compatibility Pack SP3; y Excel Services y Word Automation Services en SharePoint Server 2013 permite a atacantes remotos ejecutar código arbitrario a través de documentos Office manipulados, también conocida como \"Vulnerabilidad de corrupción de memoria en Microsoft Excel\".", }, ], id: "CVE-2013-3889", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-10-09T14:53:25.013", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-288A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-288A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 20:15
Modified
2024-11-21 07:43
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2019 | |
| microsoft | office_long_term_servicing_channel | 2021 | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", matchCriteriaId: "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "C6C0BD17-4324-4DFF-9804-1825C4C182A1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*", matchCriteriaId: "FA51E2C8-321F-454B-A9C1-060885C1F892", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Remote Code Execution Vulnerability", }, ], id: "CVE-2023-21716", lastModified: "2024-11-21T07:43:29.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T20:15:14.360", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:x64:*", matchCriteriaId: "E03BB51F-14CE-4FFC-ADCD-15B5B694563B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:x86:*:*", matchCriteriaId: "C3ADF60E-8802-4738-A6A6-BF2790225BB0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.", }, { lang: "es", value: "Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento Office manipulado, tambien conocido como \"Vulnerabilidad de Corrupción de Memoria en Word\", una vulnerabilidad diferente a CVE-2013-3847, CVE-2013-3848, y CVE-2013-3849.", }, ], id: "CVE-2013-3858", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-11T14:03:48.300", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-04-14 20:59
Modified
2025-04-12 10:46
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/73995 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1032104 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/73995 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032104 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | outlook | 2011 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2011 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 |
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft Office Memory Corruption Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:outlook:2011:*:*:*:*:mac_os_x:*:*", matchCriteriaId: "2307F3E3-6763-46F8-8536-BB1BFA698462", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2011:*:*:*:*:macos:*:*", matchCriteriaId: "126AF471-BF9D-4872-BAD3-A9DC9D89686D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*", matchCriteriaId: "D7A48E44-F01A-40AD-B8AF-8FE368248003", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 y 2013 SP1, y Office Web Apps Server 2010 SP2 y 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento RTF manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Microsoft Office.'", }, ], id: "CVE-2015-1641", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2015-04-14T20:59:05.250", references: [ { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/73995", }, { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032104", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/73995", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_web_app | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | 1.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:*:*:*:*", matchCriteriaId: "EBF47B12-FC83-461C-8F18-A67CBDEFDE62", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_web_app:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "C35FE520-68CD-4EE8-A5D6-3D2E351AE0F2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:macos:*:*", matchCriteriaId: "8B615D7A-B7F2-44DF-8699-EB8367ADE65C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB0E226-2343-4C3A-87E4-B3E70138AFE2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en el software Microsoft Excel cuando el software presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-16930, CVE-2020-16931, CVE-2020-16932", }, ], id: "CVE-2020-16929", lastModified: "2024-11-21T05:07:26.780", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:15.163", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1251/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1251/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-07-13 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_rt | 2013 | |
| microsoft | office | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint_rt | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_rt | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "27745C7E-94A0-4C2A-8318-684CB85F48D2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9CCB2D72-B779-4772-8F72-7177E3F47A92", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint_rt:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "2FA6DEE3-84A5-42DC-9C52-21A3986376C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "558B8B5E-125A-4370-A6E9-3CB75808D7B3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka \"Microsoft Office Remote Code Execution Vulnerability.\"", }, { lang: "es", value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos ejecutar código arbitrario a través de un archivo XLA manipulado, también conocida como \"Microsoft Office Remote Code Execution Vulnerability\".", }, ], id: "CVE-2016-3279", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-13T01:59:33.610", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/91587", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036274", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036275", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/91587", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036275", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-254", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", matchCriteriaId: "A1A868C4-0A58-4660-9492-1BADD99D8E59", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", matchCriteriaId: "CA035812-F35A-43F1-9A8D-EE02201AA10A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.", }, { lang: "es", value: "Hay una vulnerabilidad de ejecución de código remota en el software Microsoft Word cuando da un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\".", }, ], id: "CVE-2020-0980", lastModified: "2024-11-21T04:54:35.187", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:18.793", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-13 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100741 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039323 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100741 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039323 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | powerpoint | 2007 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint | 2016 | |
| microsoft | powerpoint_viewer | 2010 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "AE2E98C5-71A4-4014-AFC4-5438FEC196D2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9CCB2D72-B779-4772-8F72-7177E3F47A92", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "36A1FA52-BFBD-4C88-9CBE-B68E55C75726", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*", matchCriteriaId: "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint_viewer:2010:*:*:*:*:*:*:*", matchCriteriaId: "8871A04D-4B02-4A8C-BAFC-EB27D23AD346", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka \"PowerPoint Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8743.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2 y Microsoft Office Compatibility Pack Service Pack 3 cuando manejan incorrectamente objetos en la memoria. Esto también se conoce como \"PowerPoint Remote Code Execution Vulnerability\" El ID de este CVE es distinto a CVE-2017-8743.", }, ], id: "CVE-2017-8742", lastModified: "2024-11-21T03:34:36.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-13T01:29:11.630", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100741", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039323", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100741", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039323", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_for_mac | 2011 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "0FF929F6-6551-4358-AFBE-3495E8DC7BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*", matchCriteriaId: "A9B12493-4287-4AAD-9A18-D3FC3FCBE172", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "A06E1824-01B6-4BAE-9789-B0D3776915B9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2010 SP2, Word Automation Services en SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar un código arbitrario a través de un documento Office manipulado, vulnerabilidad también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-7234", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-10T06:59:47.363", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/94020", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1037246", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { source: "secure@microsoft.com", url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/94020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-11 07:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:-:*:*:*", matchCriteriaId: "BF89FEC4-936E-4226-94F9-2BD0CB0CA09F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:-:*:*:*", matchCriteriaId: "552E1557-D6FA-45DD-9B52-E13ACDBB8A62", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:-:*:-:*:-:*", matchCriteriaId: "DC9D0A78-9F16-41E0-910E-E93269DB9B30", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Ejecución Remota de Código de Microsoft Excel Este ID de CVE es diferente de CVE-2020-17019, CVE-2020-17065, CVE-2020-17066.", }, ], id: "CVE-2020-17064", lastModified: "2024-11-21T05:07:44.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-11-11T07:15:17.450", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17064", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17064", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-15 17:29
Modified
2024-11-21 04:13
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104996 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104996 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_viewer | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | office_word_viewer | - | |
| microsoft | sharepoint_enterprise_server_2013 | - | |
| microsoft | sharepoint_enterprise_server_2016 | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word_automation_services | - | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "E4635DA5-27DA-43FF-92AC-A9F80218A2F0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*", matchCriteriaId: "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*", matchCriteriaId: "C64B2636-8F96-48BA-921F-A8FA0E62DE63", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server_2013:-:sp1:*:*:*:*:*:*", matchCriteriaId: "8725A383-4813-4220-8D2E-4CB86D0EC119", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "67F75889-16AE-44C3-85C9-818A856A0D5D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*", matchCriteriaId: "CC865581-3650-4DC4-9138-C2F71AA3B850", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Office Information Disclosure Vulnerability.\" This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.", }, { lang: "es", value: "Existe una vulnerabilidad de divulgación de información cuando el software de Microsoft Office lee memoria fuera de límites debido a una variable no inicializada, lo que podría divulgar los contenidos de memoria. Esto también se conoce como \"Microsoft Office Information Disclosure Vulnerability\". Esto afecta a Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint y Microsoft Office.", }, ], id: "CVE-2018-8378", lastModified: "2024-11-21T04:13:42.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-15T17:29:07.267", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104996", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-908", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-16 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "A06E1824-01B6-4BAE-9789-B0D3776915B9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-0025", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.3, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-16T01:59:01.680", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036093", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:52
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Excel. Este ID de CVE es diferente de CVE-2021-24067, CVE-2021-24069, CVE-2021-24070", }, ], id: "CVE-2021-24068", lastModified: "2024-11-21T05:52:16.920", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-02-25T23:15:14.243", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-11 16:15
Modified
2024-11-21 05:57
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-507/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-507/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Excel. Este ID de CVE es diferente de CVE-2021-27053", }, ], id: "CVE-2021-27054", lastModified: "2024-11-21T05:57:15.593", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-03-11T16:15:17.270", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-507/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-507/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-10 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*", matchCriteriaId: "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Script in Username Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft SharePoint Server 2010 Gold y SP1, SharePoint Foundation 2010 Gold y SP1, y Office Web Apps 2010 Gold y SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de elementos JavaScript en una URL, también conocido como \"SharePoint Script in Username Vulnerability.\"", }, ], id: "CVE-2012-1861", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-07-10T21:55:05.917", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 16:15
Modified
2024-11-21 04:54
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_online_server | 1.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", matchCriteriaId: "A1A868C4-0A58-4660-9492-1BADD99D8E59", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", matchCriteriaId: "CA035812-F35A-43F1-9A8D-EE02201AA10A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB0E226-2343-4C3A-87E4-B3E70138AFE2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución de código remota en el software Microsoft Word, cuando falla al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.", }, ], id: "CVE-2020-0892", lastModified: "2024-11-21T04:54:24.813", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-12T16:15:20.720", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-14 21:15
Modified
2024-11-21 04:36
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same permissions as the current user.
To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software.
Two possible email attack scenarios exist for this vulnerability:
• With the first email attack scenario, an attacker could send a specially crafted email message to the user and wait for the user to click on the message. When the message renders via Microsoft Word in the Outlook Preview Pane, an attack could be triggered.
• With the second scenario, an attacker could attach a specially crafted file to an email, send it to a user, and convince them to open it.
In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or other message, and then convince the user to open the specially crafted file.
The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.
For users who view their emails in Outlook, the Preview Pane attack vector can be mitigated by disabling this feature. The following registry keys can be set to disable the Preview Pane in Outlook on Windows, either via manual editing of the registry or by modifying Group Policy.
Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.
Outlook 2010:
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Options
DWORD: DisableReadingPane
Value: 1
Outlook 2013:
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options
DWORD: DisableReadingPane
Value: 1
Outlook 2016, Outlook 2019, and Office 365 ProPlus:
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options
DWORD: DisableReadingPane
Value: 1
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", matchCriteriaId: "A1A868C4-0A58-4660-9492-1BADD99D8E59", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", matchCriteriaId: "CA035812-F35A-43F1-9A8D-EE02201AA10A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same permissions as the current user.\nTo exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software.\nTwo possible email attack scenarios exist for this vulnerability:\n•\tWith the first email attack scenario, an attacker could send a specially crafted email message to the user and wait for the user to click on the message. When the message renders via Microsoft Word in the Outlook Preview Pane, an attack could be triggered.\n•\tWith the second scenario, an attacker could attach a specially crafted file to an email, send it to a user, and convince them to open it.\nIn a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or other message, and then convince the user to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.\nFor users who view their emails in Outlook, the Preview Pane attack vector can be mitigated by disabling this feature. The following registry keys can be set to disable the Preview Pane in Outlook on Windows, either via manual editing of the registry or by modifying Group Policy.\nNote Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.\nOutlook 2010:\nHKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Outlook\\Options\nDWORD: DisableReadingPane\nValue: 1\nOutlook 2013:\nHKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Options\nDWORD: DisableReadingPane\nValue: 1\nOutlook 2016, Outlook 2019, and Office 365 ProPlus:\nHKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Options\nDWORD: DisableReadingPane\nValue: 1\n", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución de código remota en el programa Microsoft Word cuando no puede manejar apropiadamente los objetos en la memoria, también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2019-1205.", }, ], id: "CVE-2019-1201", lastModified: "2024-11-21T04:36:13.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-14T21:15:17.970", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-07-13 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 | |
| microsoft | word_rt | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "A06E1824-01B6-4BAE-9789-B0D3776915B9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "558B8B5E-125A-4370-A6E9-3CB75808D7B3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word para Mac 2011, Word 2016 para Mac, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-3281", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-13T01:59:35.440", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/91588", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036274", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036275", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/91588", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036275", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-10 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps | 2010 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9CCB2D72-B779-4772-8F72-7177E3F47A92", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "AA10B8A2-2F13-4FAA-A4E2-D615E44AD020", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft PowerPoint 2010 SP2, PowerPoint Viewer y Office Web Apps 2010 SP2 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, vulnerabilidad también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-7230", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-10T06:59:43.377", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/94006", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1037246", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/94006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-10-14 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka "Microsoft Office Web Apps XSS Spoofing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1033803 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1033804 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033803 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033804 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_web_app | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel_web_app:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "C35FE520-68CD-4EE8-A5D6-3D2E351AE0F2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka \"Microsoft Office Web Apps XSS Spoofing Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en Microsoft Excel Services en SharePoint Server 2010 SP2 y 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1 y SharePoint Foundation 2013 SP1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocida como 'Microsoft Office Web Apps XSS Spoofing Vulnerability'.", }, ], id: "CVE-2015-6037", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-10-14T01:59:14.170", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033803", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033804", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:macos:*:*", matchCriteriaId: "8B615D7A-B7F2-44DF-8699-EB8367ADE65C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información cuando el software Microsoft Office lee la memoria fuera de limites debido a una variable no inicializada, que podría revelar el contenido de la memoria, también se conoce como \"Microsoft Office Information Disclosure Vulnerability\". Este ID de CVE es diferente de CVE-2020-1445", }, ], id: "CVE-2020-1342", lastModified: "2024-11-21T05:10:17.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:12.713", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-908", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1335 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1335 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | 1.0 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB0E226-2343-4C3A-87E4-B3E70138AFE2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en el software Microsoft Excel cuando el software presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Excel Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1193, CVE-2020-1332, CVE-2020-1594", }, ], id: "CVE-2020-1335", lastModified: "2024-11-21T05:10:16.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:20.450", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1335", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1335", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft Excel Information Disclosure Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Information Disclosure Vulnerability", }, { lang: "es", value: "Vulnerabilidad de divulgación de información en Microsoft Excel", }, ], id: "CVE-2020-17126", lastModified: "2024-11-21T05:07:52.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:15.043", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "96EBA20F-201E-43AA-9F83-B73FB31696C6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota en Microsoft Excel. Este ID de CVE es diferente a CVE-2020-17122, CVE-2020-17123, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129", }, ], id: "CVE-2020-17125", lastModified: "2024-11-21T05:07:51.943", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:14.980", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-17 19:15
Modified
2024-11-21 05:10
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1503 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1503 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:macos:*:*", matchCriteriaId: "8B615D7A-B7F2-44DF-8699-EB8367ADE65C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información cuando Microsoft Word revela inapropiadamente el contenido de su memoria, también se conoce como \"Microsoft Word Information Disclosure Vulnerability\". Este ID de CVE es diferente de CVE-2020-1502, CVE-2020-1583.", }, ], id: "CVE-2020-1503", lastModified: "2024-11-21T05:10:42.233", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-17T19:15:16.817", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1503", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-14 17:29
Modified
2024-11-21 03:39
Severity ?
Summary
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/103314 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040511 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103314 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040511 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | office_word_viewer | - | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac:*:*", matchCriteriaId: "AE116A39-963D-43E2-A21B-782271C4F63C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*", matchCriteriaId: "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp2:*:*:*:*:*:*", matchCriteriaId: "55AA5CC4-AF80-49A2-ACD1-5644AA971044", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "C6C0BD17-4324-4DFF-9804-1825C4C182A1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*", matchCriteriaId: "C64B2636-8F96-48BA-921F-A8FA0E62DE63", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:*:*:*:*:*:*:*", matchCriteriaId: "EC8E95D3-C62D-41D2-8B3A-032FEA6B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\".", }, { lang: "es", value: "Microsoft Office 2010 SP2, 2013 SP1 y 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 para Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 y Microsoft Word 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2018-0922", lastModified: "2024-11-21T03:39:13.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-14T17:29:02.980", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103314", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040511", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103314", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040511", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-12-12 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-346A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-346A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_compatibility_pack | - | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_word_viewer | - | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 |
{ cisaActionDue: "2022-04-18", cisaExploitAdd: "2022-03-28", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft Word Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp2:*:*:*:*:*:*", matchCriteriaId: "55AA5CC4-AF80-49A2-ACD1-5644AA971044", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*", matchCriteriaId: "C64B2636-8F96-48BA-921F-A8FA0E62DE63", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "262BC12C-246A-41AB-A08D-3D205156F074", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "D2A0758C-6499-407F-823A-6F28BE56805E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"Word RTF 'listoverridecount' Remote Code Execution Vulnerability.\"", }, { lang: "es", value: "Microsoft Word 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Word Viewer; Office Compatibility Pack SP2 y SP3; y Office Web Apps 2010 SP1 permiten a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de datos RTF modificados, alias \"Word RTF 'listoverridecount' Remote Code Execution Vulnerability.\"", }, ], id: "CVE-2012-2539", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2012-12-12T00:55:01.060", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-346A.html", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079", }, { source: "secure@microsoft.com", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-346A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94670 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94670 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_automation_services | - | |
| microsoft | word_for_mac | 2011 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*", matchCriteriaId: "CC865581-3650-4DC4-9138-C2F71AA3B850", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7291.", }, { lang: "es", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener información sensible del proceso de memoria o provocar una denegación de servicio (lectura fuera de límites) a través de un documento manipulado, vulnerabilidad también conocida como \"Microsoft Office Information Disclosure Vulnerability\", una vulnerabilidad diferente a CVE-2016-7291.", }, ], id: "CVE-2016-7290", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-20T06:59:01.297", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94670", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037441", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94670", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Word Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | office | 2010 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Word. Este ID de CVE es diferente de CVE-2021-1716", }, ], id: "CVE-2021-1715", lastModified: "2024-11-21T05:44:57.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-01-12T20:15:34.697", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1715", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | 1.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_rt | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", matchCriteriaId: "A1A868C4-0A58-4660-9492-1BADD99D8E59", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:mac_os:*:*", matchCriteriaId: "7996347F-FA43-4665-93AF-8FAA8E720D4A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB0E226-2343-4C3A-87E4-B3E70138AFE2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "558B8B5E-125A-4370-A6E9-3CB75808D7B3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en el software de Microsoft Word cuando no puede manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1446, CVE-2020-1448", }, ], id: "CVE-2020-1447", lastModified: "2024-11-21T05:10:34.157", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:19.900", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98297 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98297 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | project_server | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | skype_for_business | 2016 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "C6C0BD17-4324-4DFF-9804-1825C4C182A1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "597153BC-B8A7-45E5-AE3F-D897FAE4C7FB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*", matchCriteriaId: "D499807D-91F3-447D-B9F0-D612898C9339", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.", }, { lang: "es", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2, Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016 y Skype for Business 2016, permiten una vulnerabilidad de ejecución de código remota cuando el software no puede manejar apropiadamente los objetos en la memoria, también se conoce como \"Office Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2017-0261 y CVE-2017-0262.", }, ], id: "CVE-2017-0281", lastModified: "2024-11-21T03:02:41.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-12T14:29:06.660", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98297", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-12 01:29
Modified
2024-11-21 03:59
Severity ?
Summary
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/103641 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040654 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103641 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040654 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_services | - | |
| microsoft | office | 2013 | |
| microsoft | office | 2013_rt | |
| microsoft | office | 2016 | |
| microsoft | office_2010 | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | word_automation_services | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel_services:-:*:*:*:*:*:*:*", matchCriteriaId: "EFA44CFC-016A-4D68-93E2-33883E34E26D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013_rt:sp1:*:*:*:*:*:*", matchCriteriaId: "30C744C1-EACB-4D91-A72B-468842308AA3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*", matchCriteriaId: "ABC68ECB-4FB5-4702-A16D-77A36A715BA6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*", matchCriteriaId: "CC865581-3650-4DC4-9138-C2F71AA3B850", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka \"Microsoft Office Graphics Remote Code Execution Vulnerability.\" This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código cuando el componente de gráficos de Office gestiona fuentes embebidas especialmente manipuladas. Esto también se conoce como \"Microsoft Office Graphics Remote Code Execution Vulnerability\". Esto afecta a Word, Microsoft Office, Microsoft SharePoint, Excel y Microsoft SharePoint Server.", }, ], id: "CVE-2018-1028", lastModified: "2024-11-21T03:59:01.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-12T01:29:10.173", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103641", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040654", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-13 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100734 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100734 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039315 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "0FF929F6-6551-4358-AFBE-3495E8DC7BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "0C6BEA4C-18FE-48D1-86AB-670833528150", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:*:*:*:*:*:*:*", matchCriteriaId: "93566DC7-8B2D-4EB6-B701-15885F3AEA1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3 cuando no se gestionan correctamente los objetos en la memoria. Esto también se conoce como \"Microsoft Office Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-8630, CVE-2017-8631, y CVE-2017-8744.", }, ], id: "CVE-2017-8632", lastModified: "2024-11-21T03:34:23.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-13T01:29:09.693", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100734", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039315", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de suplantación de identidad cuando un servidor de Office Web Apps no sanea apropiadamente una petición especialmente diseñada, también se conoce como 'Vulnerabilidad XSS de Office Web Apps'", }, ], id: "CVE-2020-1442", lastModified: "2024-11-21T05:10:33.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:19.463", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-20 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/94672 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94672 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, { lang: "es", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word para Mac 2011, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener información sensible desde la memoria de proceso o provocar una denegación de servicio (lectura de rango) a través de un documento manipulado, vulnerabilidad también conocida como \"Microsoft Office Information Disclosure Vulnerability\".", }, ], id: "CVE-2016-7268", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-20T06:59:00.593", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94672", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037441", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94672", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_portal_server | 2003 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 2.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "D133FB73-C7F6-481C-B050-C242C771ED21", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*", matchCriteriaId: "858F70F4-3128-477D-ACAA-73F0AFA23A2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "55C05DB1-03DC-454B-85E5-715938F0E13E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka \"MAC Disabled Vulnerability.\"", }, { lang: "es", value: "Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 y 2010 SP1 y SP2, y Office Web Apps 2010 no establecen el atributo EnableViewStateMac apropiadamete, lo que permite a atacantes remotos ejecutar código a discrección aprovechando un flujo de trabajo no asignado, tambien conocida como \"Vulnerabilidad de MAC Deshabilitada\".", }, ], id: "CVE-2013-1330", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-11T14:03:48.040", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word_automation_services | - | |
| microsoft | word_for_mac | 2011 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*", matchCriteriaId: "CC865581-3650-4DC4-9138-C2F71AA3B850", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, { lang: "es", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener información sensible de la memoria fuera de límites a través de un documento de Office manipulado, vulnerabilidad también conocida como \"Microsoft Office Information Disclosure Vulnerability\".", }, ], id: "CVE-2017-0105", lastModified: "2024-11-21T03:02:21.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-17T00:59:02.853", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96746", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1038010", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96746", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-10-13 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_web_apps | * | |
| microsoft | open_xml_file_format_converter | * | |
| microsoft | word | 2002 | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * | |
| microsoft | word_web_app | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*", matchCriteriaId: "9409A9BD-1E9B-49B8-884F-8FE569D8AA25", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*", matchCriteriaId: "5BA91840-371C-4282-9F7F-B393F785D260", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "A4B44889-AEEB-4713-A047-C27B802DB257", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:*:*:*:*:*:*:*:*", matchCriteriaId: "D552A3DF-6611-4CF0-80CD-2CAF92B5C609", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*", matchCriteriaId: "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*", matchCriteriaId: "F02894C4-57A7-45FE-B9D2-1A0EE3ABA455", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "262BC12C-246A-41AB-A08D-3D205156F074", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:*:x32:*:*:*:*:*", matchCriteriaId: "96FEA479-CEB6-405A-A427-28ED3917450C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:*:x64:*:*:*:*:*", matchCriteriaId: "21D11545-A010-4385-A1E4-0DE6217782D4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_web_app:*:*:*:*:*:*:*:*", matchCriteriaId: "825B51D1-57F3-48F1-A0F3-DD5DA119E54E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka \"Word Stack Overflow Vulnerability.\"", }, { lang: "es", value: "Desbordamiento de búfer basado en pila en Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Office Compatibility Pack for Word, Excel, y PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; y Word Web App permite a atacantes remotos ejecutar código de su elección a través de documentos Word manipulado, también conocido como \"Word Stack Overflow Vulnerability\".", }, ], id: "CVE-2010-3214", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2010-10-13T19:00:44.557", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/archive/1/514302/100/0/threaded", }, { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/514302/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-10-09 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | word_automation_services | - | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*", matchCriteriaId: "CC865581-3650-4DC4-9138-C2F71AA3B850", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*", matchCriteriaId: "AED6C159-CD2C-436B-99BC-00E79A685D44", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "262BC12C-246A-41AB-A08D-3D205156F074", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "D2A0758C-6499-407F-823A-6F28BE56805E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka \"RTF File listid Use-After-Free Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de uso después de liberación en Microsoft Word 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Word Viewer; Office Compatibility Pack SP2 y SP3; Word Automation Services en Microsoft SharePoint Server 2010; y Office Web Apps 2010 SP1, permite a atacantes remotos ejecutar código de su elección a través de un documento RTF modificado, también conocido como \"RTF File listid Use-After-Free Vulnerability.\"", }, ], id: "CVE-2012-2528", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-10-09T21:55:02.690", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/55781", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/55781", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-15 12:15
Modified
2024-11-21 06:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38655 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-1080/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38655 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-1080/ | Third Party Advisory, VDB Entry |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*", matchCriteriaId: "0390EFCA-87B4-42D6-817A-603765F49816", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota en Microsoft Excel", }, ], id: "CVE-2021-38655", lastModified: "2024-11-21T06:17:49.850", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-09-15T12:15:15.537", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38655", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1080/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38655", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1080/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.</p>
<p>To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1218 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1218 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:macos:*:*", matchCriteriaId: "8B615D7A-B7F2-44DF-8699-EB8367ADE65C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.</p>\n<p>To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en el software Microsoft Word cuando presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1338", }, ], id: "CVE-2020-1218", lastModified: "2024-11-21T05:10:00.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:19.713", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1218", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1218", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Word Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | office | 2010 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft Word. Este ID de CVE es diferente de CVE-2021-1715", }, ], id: "CVE-2021-1716", lastModified: "2024-11-21T05:44:57.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-01-12T20:15:34.743", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1716", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-10 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*", matchCriteriaId: "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"XSS scriptresx.ashx Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en scriptresx.ashx en Microsoft SharePoint Server 2010 Gold y SP1, SharePoint Foundation 2010 Gold y SP1, y Office Web Apps 2010 Gold y SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de elementos JavaScript en una URL, también conocido como \"XSS scriptresx.ashx Vulnerability.\"\r\n", }, ], id: "CVE-2012-1859", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-07-10T21:55:05.747", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-15 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98812 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98812 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | onenote | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", matchCriteriaId: "71AF058A-2E5D-4B11-88DB-8903C64B13C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*", matchCriteriaId: "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:onenote:2010:*:*:*:*:*:*:*", matchCriteriaId: "DE50A4D0-ABF4-4EB2-AF63-C8D7E9920099", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "A06E1824-01B6-4BAE-9789-B0D3776915B9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Office cuando el software no maneja apropiadamente los objetos en la memoria, también se conoce como \"Office Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260 y CVE-2017-8506.", }, ], id: "CVE-2017-8509", lastModified: "2024-11-21T03:34:09.620", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-15T01:29:03.820", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98812", }, { source: "secure@microsoft.com", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98812", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p>
<p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p>
<p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", matchCriteriaId: "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:macos:*:*", matchCriteriaId: "8B615D7A-B7F2-44DF-8699-EB8367ADE65C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p>\n<p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p>\n<p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información cuando Microsoft Excel divulga inapropiadamente el contenido de su memoria, también se conoce como \"Microsoft Excel Information Disclosure Vulnerability\"", }, ], id: "CVE-2020-1224", lastModified: "2024-11-21T05:10:01.027", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:19.760", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-04-14 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*", matchCriteriaId: "69998A67-CB15-4217-8AD6-43F9BA3C6454", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*", matchCriteriaId: "349E9084-8116-43E9-8B19-CA521C96660D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de uso después de liberación en Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 y 2013 SP1, y Office Web Apps Server 2010 SP2 y 2013 SP1 permite a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocido como 'vulnerabilidad de uso después de liberación en componentes de Microsoft Office.'", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", id: "CVE-2015-1650", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-04-14T20:59:12.657", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1032104", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1032104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_online_server | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:*:*:*:*", matchCriteriaId: "EBF47B12-FC83-461C-8F18-A67CBDEFDE62", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:macos:*:*:*", matchCriteriaId: "B0352A12-BB2E-4A4C-B112-8C4C7A473F6A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", matchCriteriaId: "C5282C83-86B8-442D-851D-B54E88E8B1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E98AE986-FA31-4301-8025-E8915BA4AC5E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:-:*", matchCriteriaId: "89DF4D04-2413-491E-9149-51E452988D17", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:-:*", matchCriteriaId: "FC00C2DE-21B4-4F6C-941E-8962D0CD1460", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información cuando Microsoft Office divulga inapropiadamente el contenido de su memoria, también se conoce como \"Microsoft Office Information Disclosure Vulnerability\". Este ID de CVE es diferente de CVE-2020-1342", }, ], id: "CVE-2020-1445", lastModified: "2024-11-21T05:10:33.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:19.713", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-11 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | word | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"Microsoft Office Graphics RCE Vulnerability.\"", }, { lang: "es", value: "La librería font de Windows en Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services sobre SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permite a atacantes remotos ejecutar código arbitrario a través de una fuente embebida manipulada, también conocido como \"Microsoft Office Graphics RCE Vulnerability\".", }, ], id: "CVE-2016-0183", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-11T01:59:23.610", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1035819", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035819", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2014-0260 (GCVE-0-2014-0260)
Vulnerability from cvelistv5
Published
2014-01-15 02:00
Modified
2024-08-06 09:13
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029599 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1029598 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:13:09.318Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1029599", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1029599", }, { name: "1029598", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1029598", }, { name: "MS14-001", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-01-14T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1029599", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1029599", }, { name: "1029598", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1029598", }, { name: "MS14-001", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2014-0260", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1029599", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1029599", }, { name: "1029598", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1029598", }, { name: "MS14-001", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2014-0260", datePublished: "2014-01-15T02:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:13:09.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1650 (GCVE-0-2015-1650)
Vulnerability from cvelistv5
Published
2015-04-14 20:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032104 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:47:17.369Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1032104", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032104", }, { name: "MS15-033", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-14T00:00:00", descriptions: [ { lang: "en", value: "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1032104", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032104", }, { name: "MS15-033", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-1650", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1032104", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032104", }, { name: "MS15-033", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-1650", datePublished: "2015-04-14T20:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:47:17.369Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-6037 (GCVE-0-2015-6037)
Vulnerability from cvelistv5
Published
2015-10-14 01:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka "Microsoft Office Web Apps XSS Spoofing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1033804 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1033803 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:06:35.212Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS15-110", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { name: "1033804", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033804", }, { name: "1033803", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033803", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-10-13T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka \"Microsoft Office Web Apps XSS Spoofing Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS15-110", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { name: "1033804", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033804", }, { name: "1033803", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033803", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-6037", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka \"Microsoft Office Web Apps XSS Spoofing Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS15-110", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { name: "1033804", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033804", }, { name: "1033803", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033803", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-6037", datePublished: "2015-10-14T01:00:00", dateReserved: "2015-08-14T00:00:00", dateUpdated: "2024-08-06T07:06:35.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17064 (GCVE-0-2020-17064)
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-09-10 15:52
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17064 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.266Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17064", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:52:02.260Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17064", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17064", datePublished: "2020-11-11T06:48:24", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-09-10T15:52:02.260Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-0797 (GCVE-0-2018-0797)
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 18:17
Severity ?
EPSS score ?
Summary
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102406 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040153 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Office |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:35:49.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "102406", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102406", }, { name: "1040153", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040153", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Office", }, ], }, ], datePublic: "2018-01-09T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\".", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-11T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "102406", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102406", }, { name: "1040153", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040153", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2018-01-09T00:00:00", ID: "CVE-2018-0797", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Office", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\".", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "102406", refsource: "BID", url: "http://www.securityfocus.com/bid/102406", }, { name: "1040153", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040153", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-0797", datePublished: "2018-01-10T01:00:00Z", dateReserved: "2017-12-01T00:00:00", dateUpdated: "2024-09-16T18:17:56.308Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17123 (GCVE-0-2020-17123)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: https://aka.ms/OfficeSecurityReleases < publication cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:* |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.616Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*", ], platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "https://aka.ms/OfficeSecurityReleases", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T18:00:03.739Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17123", datePublished: "2020-12-09T23:36:46", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.616Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17129 (GCVE-0-2020-17129)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.938Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T18:00:07.690Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17129", datePublished: "2020-12-09T23:36:49", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.938Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-24067 (GCVE-0-2021-24067)
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24067 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office Web Apps Server 2013 Service Pack 1 |
Version: 15.0.1 < publication cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:21:17.216Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24067", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*", ], platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "https://aka.ms/OfficeSecurityReleases", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-02-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T22:33:29.862Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24067", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-24067", datePublished: "2021-02-25T23:01:33", dateReserved: "2021-01-13T00:00:00", dateUpdated: "2024-08-03T19:21:17.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-43256 (GCVE-0-2021-43256)
Vulnerability from cvelistv5
Published
2021-12-15 14:15
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: https://aka.ms/OfficeSecurityReleases < 16.0.10381.20001 cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:55:28.380Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*", ], platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10381.20001", status: "affected", version: "https://aka.ms/OfficeSecurityReleases", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5254.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5407.1000", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5407.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], datePublic: "2021-12-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:44:32.438Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-43256", datePublished: "2021-12-15T14:15:29", dateReserved: "2021-11-02T00:00:00", dateUpdated: "2024-08-04T03:55:28.380Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-6093 (GCVE-0-2015-6093)
Vulnerability from cvelistv5
Published
2015-11-11 11:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/77491 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1034122 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034118 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-539 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:15:12.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "77491", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/77491", }, { name: "1034122", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034122", }, { name: "MS15-116", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116", }, { name: "1034118", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034118", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.zerodayinitiative.com/advisories/ZDI-15-539", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "77491", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/77491", }, { name: "1034122", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034122", }, { name: "MS15-116", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116", }, { name: "1034118", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034118", }, { tags: [ "x_refsource_MISC", ], url: "http://www.zerodayinitiative.com/advisories/ZDI-15-539", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-6093", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "77491", refsource: "BID", url: "http://www.securityfocus.com/bid/77491", }, { name: "1034122", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034122", }, { name: "MS15-116", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116", }, { name: "1034118", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034118", }, { name: "http://www.zerodayinitiative.com/advisories/ZDI-15-539", refsource: "MISC", url: "http://www.zerodayinitiative.com/advisories/ZDI-15-539", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-6093", datePublished: "2015-11-11T11:00:00", dateReserved: "2015-08-14T00:00:00", dateUpdated: "2024-08-06T07:15:12.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1224 (GCVE-0-2020-1224)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p>
<p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p>
<p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 |
Version: 15.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:31:59.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2016 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p>\n<p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p>\n<p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:51.332Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224", }, ], title: "Microsoft Excel Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1224", datePublished: "2020-09-11T17:09:08", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:31:59.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1446 (GCVE-0-2020-1446)
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:09.679Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "2019 for Mac", }, { status: "affected", version: "2016 for Mac", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft 365 Apps for Enterprise for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft 365 Apps for Enterprise for 64-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, ], }, { product: "Microsoft Office Web Apps", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-14T22:54:46", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1446", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "2019 for Mac", }, { version_value: "2016 for Mac", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft 365 Apps for Enterprise for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft 365 Apps for Enterprise for 64-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Web Apps", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1446", datePublished: "2020-07-14T22:54:46", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:09.679Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17128 (GCVE-0-2020-17128)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.870Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T18:00:06.982Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17128", datePublished: "2020-12-09T23:36:48", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.870Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8539 (GCVE-0-2018-8539)
Vulnerability from cvelistv5
Published
2018-11-14 01:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105835 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1042112 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8539 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server |
Version: 2010 Service Pack 2 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:02:25.253Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105835", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105835", }, { name: "1042112", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042112", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8539", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "Web Apps 2010 Service Pack 2", }, ], }, ], datePublic: "2018-11-13T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-14T10:57:02", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "105835", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105835", }, { name: "1042112", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042112", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8539", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8539", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "Web Apps 2010 Service Pack 2", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "105835", refsource: "BID", url: "http://www.securityfocus.com/bid/105835", }, { name: "1042112", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042112", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8539", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8539", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8539", datePublished: "2018-11-14T01:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T07:02:25.253Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17122 (GCVE-0-2020-17122)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17122 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2010 Service Pack 2 |
Version: 13.0.0.0 < publication cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.454Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17122", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T18:00:02.910Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17122", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17122", datePublished: "2020-12-09T23:36:46", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.454Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-28453 (GCVE-0-2021-28453)
Vulnerability from cvelistv5
Published
2021-04-13 19:33
Modified
2024-08-03 21:40
Severity ?
EPSS score ?
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28453 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-423/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:40:14.344Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28453", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-423/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1 ", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Word Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:21:43.102Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28453", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-423/", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28453", datePublished: "2021-04-13T19:33:35", dateReserved: "2021-03-15T00:00:00", dateUpdated: "2024-08-03T21:40:14.344Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-7233 (GCVE-0-2016-7233)
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232 | third-party-advisory, x_refsource_IDEFENSE | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94031 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:57:47.600Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred", ], url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232", }, { name: "MS16-133", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { name: "94031", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94031", }, { name: "1037246", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037246", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-11-08T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", ], url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232", }, { name: "MS16-133", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { name: "94031", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94031", }, { name: "1037246", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037246", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-7233", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability", refsource: "IDEFENSE", url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232", }, { name: "MS16-133", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { name: "94031", refsource: "BID", url: "http://www.securityfocus.com/bid/94031", }, { name: "1037246", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037246", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-7233", datePublished: "2016-11-10T06:16:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T01:57:47.600Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8628 (GCVE-0-2018-8628)
Vulnerability from cvelistv5
Published
2018-12-12 00:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106104 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office |
Version: 2016 for Mac Version: 2019 for 32-bit editions Version: 2019 for 64-bit editions Version: 2019 for Mac Version: Compatibility Pack Service Pack 3 Version: Web Apps 2010 Service Pack 2 Version: Web Apps 2013 Service Pack 1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:02:25.912Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628", }, { name: "106104", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106104", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2016 for Mac", }, { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "2019 for Mac", }, { status: "affected", version: "Compatibility Pack Service Pack 3", }, { status: "affected", version: "Web Apps 2010 Service Pack 2", }, { status: "affected", version: "Web Apps 2013 Service Pack 1", }, ], }, { product: "Microsoft PowerPoint", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, ], }, { product: "Microsoft SharePoint", vendor: "Microsoft", versions: [ { status: "affected", version: "Enterprise Server 2016", }, ], }, { product: "Microsoft PowerPoint Viewer", vendor: "Microsoft", versions: [ { status: "affected", version: "Microsoft PowerPoint Viewer", }, ], }, { product: "Office", vendor: "Microsoft", versions: [ { status: "affected", version: "365 ProPlus for 32-bit Systems", }, { status: "affected", version: "365 ProPlus for 64-bit Systems", }, ], }, { product: "Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "Office Online Server", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, { status: "affected", version: "2019", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-12T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628", }, { name: "106104", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106104", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8628", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2016 for Mac", }, { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "2019 for Mac", }, { version_value: "Compatibility Pack Service Pack 3", }, { version_value: "Web Apps 2010 Service Pack 2", }, { version_value: "Web Apps 2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft PowerPoint", version: { version_data: [ { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, ], }, }, { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Enterprise Server 2016", }, ], }, }, { product_name: "Microsoft PowerPoint Viewer", version: { version_data: [ { version_value: "Microsoft PowerPoint Viewer", }, ], }, }, { product_name: "Office", version: { version_data: [ { version_value: "365 ProPlus for 32-bit Systems", }, { version_value: "365 ProPlus for 64-bit Systems", }, ], }, }, { product_name: "Office Online Server", version: { version_data: [ { version_value: "Office Online Server", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2013 Service Pack 1", }, { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628", }, { name: "106104", refsource: "BID", url: "http://www.securityfocus.com/bid/106104", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8628", datePublished: "2018-12-12T00:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T07:02:25.912Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-0281 (GCVE-0-2017-0281)
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98297 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016. |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:03:55.893Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", }, { name: "98297", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98297", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016.", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-15T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", }, { name: "98297", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98297", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0281", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016.", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", }, { name: "98297", refsource: "BID", url: "http://www.securityfocus.com/bid/98297", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0281", datePublished: "2017-05-12T14:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T13:03:55.893Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8161 (GCVE-0-2018-8161)
Vulnerability from cvelistv5
Published
2018-05-09 19:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104052 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040853 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Word |
Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:46:13.792Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161", }, { name: "104052", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104052", }, { name: "1040853", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040853", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, ], }, { product: "Word", vendor: "Microsoft", versions: [ { status: "affected", version: "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2", }, { status: "affected", version: "Automation Services on Microsoft SharePoint Server 2013 Service Pack 1", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "Web Apps 2010 Service Pack 2", }, { status: "affected", version: "Web Apps Server 2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint", vendor: "Microsoft", versions: [ { status: "affected", version: "Enterprise Server 2016", }, ], }, ], datePublic: "2018-05-08T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-10T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161", }, { name: "104052", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104052", }, { name: "1040853", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040853", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8161", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, ], }, }, { product_name: "Word", version: { version_data: [ { version_value: "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2", }, { version_value: "Automation Services on Microsoft SharePoint Server 2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "Web Apps 2010 Service Pack 2", }, { version_value: "Web Apps Server 2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Enterprise Server 2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161", }, { name: "104052", refsource: "BID", url: "http://www.securityfocus.com/bid/104052", }, { name: "1040853", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040853", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8161", datePublished: "2018-05-09T19:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:46:13.792Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17126 (GCVE-0-2020-17126)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft Excel Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.463Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T18:00:05.905Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126", }, ], title: "Microsoft Excel Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17126", datePublished: "2020-12-09T23:36:47", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.463Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-1289 (GCVE-0-2013-1289)
Vulnerability from cvelistv5
Published
2013-04-09 22:00
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/ncas/alerts/TA13-100A | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:57:04.654Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA13-100A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-100A", }, { name: "oval:org.mitre.oval:def:16599", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599", }, { name: "MS13-035", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-04-09T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA13-100A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-100A", }, { name: "oval:org.mitre.oval:def:16599", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599", }, { name: "MS13-035", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-1289", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA13-100A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-100A", }, { name: "oval:org.mitre.oval:def:16599", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599", }, { name: "MS13-035", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-1289", datePublished: "2013-04-09T22:00:00", dateReserved: "2013-01-12T00:00:00", dateUpdated: "2024-08-06T14:57:04.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0183 (GCVE-0-2016-0183)
Vulnerability from cvelistv5
Published
2016-05-11 01:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1035819 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:08:13.337Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-054", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054", }, { name: "1035819", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035819", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-10T00:00:00", descriptions: [ { lang: "en", value: "The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"Microsoft Office Graphics RCE Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-054", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054", }, { name: "1035819", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035819", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-0183", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"Microsoft Office Graphics RCE Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-054", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054", }, { name: "1035819", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035819", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-0183", datePublished: "2016-05-11T01:00:00", dateReserved: "2015-12-04T00:00:00", dateUpdated: "2024-08-05T22:08:13.337Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1201 (GCVE-0-2019-1201)
Vulnerability from cvelistv5
Published
2019-08-14 20:55
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same permissions as the current user.
To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software.
Two possible email attack scenarios exist for this vulnerability:
• With the first email attack scenario, an attacker could send a specially crafted email message to the user and wait for the user to click on the message. When the message renders via Microsoft Word in the Outlook Preview Pane, an attack could be triggered.
• With the second scenario, an attacker could attach a specially crafted file to an email, send it to a user, and convince them to open it.
In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or other message, and then convince the user to open the specially crafted file.
The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.
For users who view their emails in Outlook, the Preview Pane attack vector can be mitigated by disabling this feature. The following registry keys can be set to disable the Preview Pane in Outlook on Windows, either via manual editing of the registry or by modifying Group Policy.
Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.
Outlook 2010:
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Options
DWORD: DisableReadingPane
Value: 1
Outlook 2013:
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options
DWORD: DisableReadingPane
Value: 1
Outlook 2016, Outlook 2019, and Office 365 ProPlus:
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options
DWORD: DisableReadingPane
Value: 1
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2019-1201", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-18T20:40:32.585804Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T20:40:39.171Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T18:13:29.220Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Office 365 ProPlus", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2016 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1 ", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], datePublic: "2019-08-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same permissions as the current user.\nTo exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software.\nTwo possible email attack scenarios exist for this vulnerability:\n•\tWith the first email attack scenario, an attacker could send a specially crafted email message to the user and wait for the user to click on the message. When the message renders via Microsoft Word in the Outlook Preview Pane, an attack could be triggered.\n•\tWith the second scenario, an attacker could attach a specially crafted file to an email, send it to a user, and convince them to open it.\nIn a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or other message, and then convince the user to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.\nFor users who view their emails in Outlook, the Preview Pane attack vector can be mitigated by disabling this feature. The following registry keys can be set to disable the Preview Pane in Outlook on Windows, either via manual editing of the registry or by modifying Group Policy.\nNote Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.\nOutlook 2010:\nHKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Outlook\\Options\nDWORD: DisableReadingPane\nValue: 1\nOutlook 2013:\nHKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Options\nDWORD: DisableReadingPane\nValue: 1\nOutlook 2016, Outlook 2019, and Office 365 ProPlus:\nHKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Options\nDWORD: DisableReadingPane\nValue: 1\n", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:51:02.604Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1201", datePublished: "2019-08-14T20:55:05", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:29.220Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3848 (GCVE-0-2013-3848)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:22:01.293Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:18281", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281", }, { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:18800", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:18281", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281", }, { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:18800", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-3848", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:18281", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18281", }, { name: "MS13-072", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:18800", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18800", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-3848", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-06-03T00:00:00", dateUpdated: "2024-08-06T16:22:01.293Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-21840 (GCVE-0-2022-21840)
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
EPSS score ?
Summary
Microsoft Office Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:36.406Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5266.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10382.20004", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "16.57.22011101", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10382.20004", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.57.22011101", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20714", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20714", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5266.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5266.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5266.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10382.20004", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.57.22011101", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10382.20004", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.57.22011101", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20714", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20714", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5266.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5266.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:*:sp1:*:*:rt:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:sp1:*:*:rt:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Office Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:22:52.048Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21840", datePublished: "2022-01-11T20:22:19", dateReserved: "2021-12-14T00:00:00", dateUpdated: "2025-01-02T18:22:52.048Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8504 (GCVE-0-2018-8504)
Vulnerability from cvelistv5
Published
2018-10-10 13:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105499 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1041840 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server |
Version: 2010 Service Pack 2 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:54:36.583Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105499", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105499", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504", }, { name: "1041840", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041840", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "Web Apps 2010 Service Pack 2", }, ], }, { product: "Office", vendor: "Microsoft", versions: [ { status: "affected", version: "365 ProPlus for 32-bit Systems", }, { status: "affected", version: "365 ProPlus for 64-bit Systems", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, ], }, ], datePublic: "2018-10-09T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "105499", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105499", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504", }, { name: "1041840", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041840", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8504", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "Web Apps 2010 Service Pack 2", }, ], }, }, { product_name: "Office", version: { version_data: [ { version_value: "365 ProPlus for 32-bit Systems", }, { version_value: "365 ProPlus for 64-bit Systems", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "105499", refsource: "BID", url: "http://www.securityfocus.com/bid/105499", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504", }, { name: "1041840", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041840", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8504", datePublished: "2018-10-10T13:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:54:36.583Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8378 (GCVE-0-2018-8378)
Vulnerability from cvelistv5
Published
2018-08-15 17:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104996 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Word |
Version: Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:54:36.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104996", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104996", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Word", vendor: "Microsoft", versions: [ { status: "affected", version: "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft Office Word Viewer", vendor: "Microsoft", versions: [ { status: "affected", version: "Microsoft Office Word Viewer", }, ], }, { product: "Microsoft Excel Viewer", vendor: "Microsoft", versions: [ { status: "affected", version: "2007 Service Pack 3", }, ], }, { product: "Microsoft SharePoint", vendor: "Microsoft", versions: [ { status: "affected", version: "Enterprise Server 2013 Service Pack 1", }, { status: "affected", version: "Enterprise Server 2016", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2016 Click-to-Run (C2R) for 32-bit editions", }, { status: "affected", version: "2016 Click-to-Run (C2R) for 64-bit editions", }, { status: "affected", version: "Web Apps 2010 Service Pack 2", }, { status: "affected", version: "Web Apps 2013 Service Pack 1", }, ], }, ], datePublic: "2018-08-14T00:00:00", descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Office Information Disclosure Vulnerability.\" This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-16T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "104996", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104996", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8378", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Word", version: { version_data: [ { version_value: "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft Office Word Viewer", version: { version_data: [ { version_value: "Microsoft Office Word Viewer", }, ], }, }, { product_name: "Microsoft Excel Viewer", version: { version_data: [ { version_value: "2007 Service Pack 3", }, ], }, }, { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Enterprise Server 2013 Service Pack 1", }, { version_value: "Enterprise Server 2016", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2016 Click-to-Run (C2R) for 32-bit editions", }, { version_value: "2016 Click-to-Run (C2R) for 64-bit editions", }, { version_value: "Web Apps 2010 Service Pack 2", }, { version_value: "Web Apps 2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Office Information Disclosure Vulnerability.\" This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "104996", refsource: "BID", url: "http://www.securityfocus.com/bid/104996", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8378", datePublished: "2018-08-15T17:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:54:36.156Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0140 (GCVE-0-2016-0140)
Vulnerability from cvelistv5
Published
2016-05-11 01:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1035819 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/89953 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:08:13.323Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-054", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054", }, { name: "1035819", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035819", }, { name: "89953", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/89953", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-054", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054", }, { name: "1035819", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035819", }, { name: "89953", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/89953", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-0140", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-054", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-054", }, { name: "1035819", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035819", }, { name: "89953", refsource: "BID", url: "http://www.securityfocus.com/bid/89953", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-0140", datePublished: "2016-05-11T01:00:00", dateReserved: "2015-12-04T00:00:00", dateUpdated: "2024-08-05T22:08:13.323Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3281 (GCVE-0-2016-3281)
Vulnerability from cvelistv5
Published
2016-07-13 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036274 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/91588 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036275 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:59.096Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1036274", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036274", }, { name: "91588", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91588", }, { name: "1036275", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036275", }, { name: "MS16-088", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-07-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1036274", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036274", }, { name: "91588", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91588", }, { name: "1036275", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036275", }, { name: "MS16-088", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-3281", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1036274", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036274", }, { name: "91588", refsource: "BID", url: "http://www.securityfocus.com/bid/91588", }, { name: "1036275", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036275", }, { name: "MS16-088", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-3281", datePublished: "2016-07-13T01:00:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:47:59.096Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1447 (GCVE-0-2020-1447)
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:09.729Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "2019 for Mac", }, { status: "affected", version: "2016 for Mac", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft 365 Apps for Enterprise for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft 365 Apps for Enterprise for 64-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, ], }, { product: "Microsoft Office Web Apps", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-14T22:54:47", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1447", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "2019 for Mac", }, { version_value: "2016 for Mac", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft 365 Apps for Enterprise for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft 365 Apps for Enterprise for 64-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Web Apps", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1447", datePublished: "2020-07-14T22:54:47", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:09.729Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-5059 (GCVE-0-2013-5059)
Vulnerability from cvelistv5
Published
2013-12-11 00:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-100 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:41.366Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-100", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-100", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-12-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka \"SharePoint Page Content Vulnerabilities.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-100", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-100", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-5059", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka \"SharePoint Page Content Vulnerabilities.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-100", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-100", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-5059", datePublished: "2013-12-11T00:00:00", dateReserved: "2013-08-06T00:00:00", dateUpdated: "2024-08-06T16:59:41.366Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-22716 (GCVE-0-2022-22716)
Vulnerability from cvelistv5
Published
2022-02-09 16:37
Modified
2025-01-02 18:28
Severity ?
EPSS score ?
Summary
Microsoft Excel Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22716 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 |
Version: 15.0.0 < 15.0.5423.1000 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:21:49.001Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Excel Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22716", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5423.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "16.58.22021501", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10383.20001", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.58.22021501", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5278.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5423.1000", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5423.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5423.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.58.22021501", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10383.20001", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.58.22021501", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5278.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:*:sp1:*:*:rt:*:*:*", versionEndExcluding: "15.0.5423.1000", versionStartIncluding: "15.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5423.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-02-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:28:13.375Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22716", }, ], title: "Microsoft Excel Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-22716", datePublished: "2022-02-09T16:37:06", dateReserved: "2022-01-06T00:00:00", dateUpdated: "2025-01-02T18:28:13.375Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-7268 (GCVE-0-2016-7268)
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94672 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:57:47.076Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-148", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { name: "94672", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94672", }, { name: "1037441", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037441", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-13T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-148", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { name: "94672", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94672", }, { name: "1037441", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037441", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-7268", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-148", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { name: "94672", refsource: "BID", url: "http://www.securityfocus.com/bid/94672", }, { name: "1037441", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037441", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-7268", datePublished: "2016-12-20T05:54:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T01:57:47.076Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-7234 (GCVE-0-2016-7234)
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94020 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK | |
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233 | third-party-advisory, x_refsource_IDEFENSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:57:46.171Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-133", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { name: "94020", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94020", }, { name: "1037246", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037246", }, { name: "20161108 Microsoft Word Memory Corrpution Code Execution Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred", ], url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-11-08T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-133", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { name: "94020", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94020", }, { name: "1037246", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037246", }, { name: "20161108 Microsoft Word Memory Corrpution Code Execution Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", ], url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-7234", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-133", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { name: "94020", refsource: "BID", url: "http://www.securityfocus.com/bid/94020", }, { name: "1037246", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037246", }, { name: "20161108 Microsoft Word Memory Corrpution Code Execution Vulnerability", refsource: "IDEFENSE", url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-7234", datePublished: "2016-11-10T06:16:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T01:57:46.171Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-0105 (GCVE-0-2017-0105)
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038010 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96746 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Office |
Version: Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:55:18.483Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038010", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038010", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105", }, { name: "96746", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96746", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2", }, ], }, ], datePublic: "2017-03-14T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1038010", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038010", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105", }, { name: "96746", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96746", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0105", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Office", version: { version_data: [ { version_value: "Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "1038010", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038010", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105", }, { name: "96746", refsource: "BID", url: "http://www.securityfocus.com/bid/96746", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0105", datePublished: "2017-03-17T00:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T12:55:18.483Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27054 (GCVE-0-2021-27054)
Vulnerability from cvelistv5
Published
2021-03-11 15:46
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-507/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office Web Apps Server 2013 Service Pack 1 |
Version: 15.0.1 < publication cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:40:47.299Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-507/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:09:24.054Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-507/", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-27054", datePublished: "2021-03-11T15:46:24", dateReserved: "2021-02-10T00:00:00", dateUpdated: "2024-08-03T20:40:47.299Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-1330 (GCVE-0-2013-1330)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:57:05.091Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:19040", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040", }, { name: "MS13-105", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka \"MAC Disabled Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:19040", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040", }, { name: "MS13-105", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-1330", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka \"MAC Disabled Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:19040", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040", }, { name: "MS13-105", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105", }, { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-1330", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-01-12T00:00:00", dateUpdated: "2024-08-06T14:57:05.091Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3849 (GCVE-0-2013-3849)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:22:01.322Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "oval:org.mitre.oval:def:19100", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100", }, { name: "oval:org.mitre.oval:def:18774", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "oval:org.mitre.oval:def:19100", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100", }, { name: "oval:org.mitre.oval:def:18774", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-3849", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-072", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "oval:org.mitre.oval:def:19100", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100", }, { name: "oval:org.mitre.oval:def:18774", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774", }, { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-3849", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-06-03T00:00:00", dateUpdated: "2024-08-06T16:22:01.322Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27057 (GCVE-0-2021-27057)
Vulnerability from cvelistv5
Published
2021-03-11 15:48
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
Microsoft Office Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-334/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:40:47.119Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-334/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Office Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:09:25.636Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-334/", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-27057", datePublished: "2021-03-11T15:48:21", dateReserved: "2021-02-10T00:00:00", dateUpdated: "2024-08-03T20:40:47.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8247 (GCVE-0-2018-8247)
Vulnerability from cvelistv5
Published
2018-06-14 12:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1041104 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/104319 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office |
Version: Web Apps Server 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:46:13.709Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247", }, { name: "1041104", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041104", }, { name: "104319", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104319", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "Web Apps Server 2013 Service Pack 1", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, ], datePublic: "2018-06-14T00:00:00", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka \"Microsoft Office Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-15T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247", }, { name: "1041104", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041104", }, { name: "104319", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104319", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8247", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Web Apps Server 2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka \"Microsoft Office Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247", }, { name: "1041104", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041104", }, { name: "104319", refsource: "BID", url: "http://www.securityfocus.com/bid/104319", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8247", datePublished: "2018-06-14T12:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:46:13.709Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1218 (GCVE-0-2020-1218)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.</p>
<p>To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1218 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:31:59.795Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1218", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2016 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1 ", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.</p>\n<p>To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:50.812Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1218", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1218", datePublished: "2020-09-11T17:09:08", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:31:59.795Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-0030 (GCVE-0-2017-0030)
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:47
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038010 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96051 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Office |
Version: Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:47:57.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038010", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038010", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030", }, { name: "96051", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96051", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2", }, ], }, ], datePublic: "2017-03-14T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1038010", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038010", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030", }, { name: "96051", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96051", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0030", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Office", version: { version_data: [ { version_value: "Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "1038010", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038010", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030", }, { name: "96051", refsource: "BID", url: "http://www.securityfocus.com/bid/96051", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0030", datePublished: "2017-03-17T00:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T12:47:57.518Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1445 (GCVE-0-2020-1445)
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.495Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "2019 for Mac", }, { status: "affected", version: "2016 for Mac", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft 365 Apps for Enterprise for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft 365 Apps for Enterprise for 64-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, ], }, { product: "Microsoft Office Web Apps", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-14T22:54:46", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1445", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "2019 for Mac", }, { version_value: "2016 for Mac", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft 365 Apps for Enterprise for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft 365 Apps for Enterprise for 64-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Web Apps", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1445", datePublished: "2020-07-14T22:54:46", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.495Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-1315 (GCVE-0-2013-1315)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:57:04.977Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:18950", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950", }, { name: "MS13-073", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073", }, { name: "oval:org.mitre.oval:def:18333", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333", }, { name: "oval:org.mitre.oval:def:18543", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:18950", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950", }, { name: "MS13-073", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073", }, { name: "oval:org.mitre.oval:def:18333", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333", }, { name: "oval:org.mitre.oval:def:18543", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-1315", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:18950", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950", }, { name: "MS13-073", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073", }, { name: "oval:org.mitre.oval:def:18333", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333", }, { name: "oval:org.mitre.oval:def:18543", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543", }, { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-1315", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-01-12T00:00:00", dateUpdated: "2024-08-06T14:57:04.977Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3858 (GCVE-0-2013-3858)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:22:01.318Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:18801", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801", }, { name: "oval:org.mitre.oval:def:18709", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709", }, { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:18801", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801", }, { name: "oval:org.mitre.oval:def:18709", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709", }, { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-3858", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:18801", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801", }, { name: "oval:org.mitre.oval:def:18709", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709", }, { name: "MS13-072", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-3858", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-06-03T00:00:00", dateUpdated: "2024-08-06T16:22:01.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1583 (GCVE-0-2020-1583)
Vulnerability from cvelistv5
Published
2020-08-17 19:13
Modified
2024-11-18 16:26
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.540Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-1583", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T16:26:06.371884Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T16:26:19.120Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2016 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1 ", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], datePublic: "2020-08-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:33:21.670Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583", }, ], title: "Microsoft Word Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1583", datePublished: "2020-08-17T19:13:51", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-11-18T16:26:19.120Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-8742 (GCVE-0-2017-8742)
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 01:31
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039323 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100741 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:48:21.627Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1039323", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039323", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742", }, { name: "100741", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100741", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3", }, ], }, ], datePublic: "2017-09-12T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka \"PowerPoint Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8743.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-13T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1039323", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039323", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742", }, { name: "100741", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100741", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2017-09-12T00:00:00", ID: "CVE-2017-8742", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka \"PowerPoint Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8743.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "1039323", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039323", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742", }, { name: "100741", refsource: "BID", url: "http://www.securityfocus.com/bid/100741", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-8742", datePublished: "2017-09-13T01:00:00Z", dateReserved: "2017-05-03T00:00:00", dateUpdated: "2024-09-17T01:31:58.948Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1448 (GCVE-0-2020-1448)
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, ], }, { product: "Microsoft Office Web Apps", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-14T22:54:47", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1448", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Web Apps", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1448", datePublished: "2020-07-14T22:54:47", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.124Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-1859 (GCVE-0-2012-1859)
Vulnerability from cvelistv5
Published
2012-07-10 21:00
Modified
2024-08-06 19:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-192A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:08:38.735Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA12-192A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15589", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-07-10T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"XSS scriptresx.ashx Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA12-192A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15589", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-1859", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"XSS scriptresx.ashx Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA12-192A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15589", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-1859", datePublished: "2012-07-10T21:00:00", dateReserved: "2012-03-22T00:00:00", dateUpdated: "2024-08-06T19:08:38.735Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3360 (GCVE-0-2016-3360)
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/92796 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:56:12.980Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1036785", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036785", }, { name: "MS16-107", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, { name: "92796", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92796", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-13T00:00:00", descriptions: [ { lang: "en", value: "Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1036785", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036785", }, { name: "MS16-107", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, { name: "92796", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92796", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-3360", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1036785", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036785", }, { name: "MS16-107", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, { name: "92796", refsource: "BID", url: "http://www.securityfocus.com/bid/92796", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-3360", datePublished: "2016-09-14T10:00:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:56:12.980Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3282 (GCVE-0-2016-3282)
Vulnerability from cvelistv5
Published
2016-07-13 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036274 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036275 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/91589 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:58.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1036274", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036274", }, { name: "1036275", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036275", }, { name: "MS16-088", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, { name: "91589", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91589", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-07-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1036274", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036274", }, { name: "1036275", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036275", }, { name: "MS16-088", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, { name: "91589", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91589", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-3282", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1036274", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036274", }, { name: "1036275", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036275", }, { name: "MS16-088", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, { name: "91589", refsource: "BID", url: "http://www.securityfocus.com/bid/91589", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-3282", datePublished: "2016-07-13T01:00:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:47:58.414Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-0922 (GCVE-0-2018-0922)
Vulnerability from cvelistv5
Published
2018-03-14 17:00
Modified
2024-09-16 22:15
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/103314 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040511 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:44:11.657Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "103314", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103314", }, { name: "1040511", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040511", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016", }, ], }, ], datePublic: "2018-03-14T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\".", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-15T09:57:02", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "103314", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103314", }, { name: "1040511", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040511", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2018-03-14T00:00:00", ID: "CVE-2018-0922", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\".", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "103314", refsource: "BID", url: "http://www.securityfocus.com/bid/103314", }, { name: "1040511", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040511", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-0922", datePublished: "2018-03-14T17:00:00Z", dateReserved: "2017-12-01T00:00:00", dateUpdated: "2024-09-16T22:15:01.862Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-8696 (GCVE-0-2017-8696)
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039344 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100780 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:41:24.215Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1039344", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039344", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696", }, { name: "100780", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100780", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-09-12T00:00:00", descriptions: [ { lang: "en", value: "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-15T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1039344", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039344", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696", }, { name: "100780", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100780", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-8696", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1039344", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039344", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696", }, { name: "100780", refsource: "BID", url: "http://www.securityfocus.com/bid/100780", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-8696", datePublished: "2017-09-13T01:00:00", dateReserved: "2017-05-03T00:00:00", dateUpdated: "2024-08-05T16:41:24.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16931 (GCVE-0-2020-16931)
Vulnerability from cvelistv5
Published
2020-10-16 22:17
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1255/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.793Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1255/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:19:54.021Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1255/", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16931", datePublished: "2020-10-16T22:17:53", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.793Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-0195 (GCVE-0-2017-0195)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97417 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Office |
Version: Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1, and Office Online Server |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:55:19.284Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "97417", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97417", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1, and Office Online Server", }, ], }, ], datePublic: "2017-04-11T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka \"Microsoft Office XSS Elevation of Privilege Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-13T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "97417", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97417", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0195", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Office", version: { version_data: [ { version_value: "Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1, and Office Online Server", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka \"Microsoft Office XSS Elevation of Privilege Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "97417", refsource: "BID", url: "http://www.securityfocus.com/bid/97417", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0195", datePublished: "2017-04-12T14:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T12:55:19.284Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3857 (GCVE-0-2013-3857)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:22:01.493Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:18741", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741", }, { name: "oval:org.mitre.oval:def:18942", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942", }, { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:18741", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741", }, { name: "oval:org.mitre.oval:def:18942", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942", }, { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-3857", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:18741", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741", }, { name: "oval:org.mitre.oval:def:18942", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942", }, { name: "MS13-072", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-3857", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-06-03T00:00:00", dateUpdated: "2024-08-06T16:22:01.493Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-1861 (GCVE-0-2012-1861)
Vulnerability from cvelistv5
Published
2012-07-10 21:00
Modified
2024-08-06 19:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-192A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:08:38.567Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA12-192A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15544", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-07-10T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Script in Username Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA12-192A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15544", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-1861", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Script in Username Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA12-192A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15544", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-1861", datePublished: "2012-07-10T21:00:00", dateReserved: "2012-03-22T00:00:00", dateUpdated: "2024-08-06T19:08:38.567Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17065 (GCVE-0-2020-17065)
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-09-10 15:52
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17065 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.222Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17065", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:52:02.864Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17065", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17065", datePublished: "2020-11-11T06:48:24", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-09-10T15:52:02.864Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-24069 (GCVE-0-2021-24069)
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office Web Apps Server 2013 Service Pack 1 |
Version: 15.0.1 < publication cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:21:17.277Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*", ], platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "https://aka.ms/OfficeSecurityReleases", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-02-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T22:33:30.861Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-24069", datePublished: "2021-02-25T23:01:35", dateReserved: "2021-01-13T00:00:00", dateUpdated: "2024-08-03T19:21:17.277Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-2520 (GCVE-0-2012-2520)
Vulnerability from cvelistv5
Published
2012-10-09 21:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/55797 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/id?1027628 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1027626 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1027629 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1027627 | vdb-entry, x_refsource_SECTRACK | |
| http://www.us-cert.gov/cas/techalerts/TA12-283A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id?1027625 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:34:25.841Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "55797", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/55797", }, { name: "oval:org.mitre.oval:def:14976", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976", }, { name: "1027628", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027628", }, { name: "1027626", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027626", }, { name: "1027629", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027629", }, { name: "1027627", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027627", }, { name: "TA12-283A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { name: "MS12-066", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066", }, { name: "1027625", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027625", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-10-09T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "55797", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/55797", }, { name: "oval:org.mitre.oval:def:14976", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976", }, { name: "1027628", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027628", }, { name: "1027626", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027626", }, { name: "1027629", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027629", }, { name: "1027627", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027627", }, { name: "TA12-283A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { name: "MS12-066", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066", }, { name: "1027625", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027625", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-2520", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "55797", refsource: "BID", url: "http://www.securityfocus.com/bid/55797", }, { name: "oval:org.mitre.oval:def:14976", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976", }, { name: "1027628", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027628", }, { name: "1027626", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027626", }, { name: "1027629", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027629", }, { name: "1027627", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027627", }, { name: "TA12-283A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { name: "MS12-066", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066", }, { name: "1027625", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027625", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-2520", datePublished: "2012-10-09T21:00:00", dateReserved: "2012-05-09T00:00:00", dateUpdated: "2024-08-06T19:34:25.841Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3847 (GCVE-0-2013-3847)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:22:01.444Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:18749", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749", }, { name: "oval:org.mitre.oval:def:18988", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988", }, { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:18749", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749", }, { name: "oval:org.mitre.oval:def:18988", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988", }, { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-3847", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:18749", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749", }, { name: "oval:org.mitre.oval:def:18988", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988", }, { name: "MS13-072", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-3847", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-06-03T00:00:00", dateUpdated: "2024-08-06T16:22:01.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1641 (GCVE-0-2015-1641)
Vulnerability from cvelistv5
Published
2015-04-14 20:00
Modified
2025-02-10 19:34
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032104 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/73995 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:47:17.492Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1032104", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032104", }, { name: "73995", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/73995", }, { name: "MS15-033", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2015-1641", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T19:34:20.050066Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1641", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T19:34:23.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-14T00:00:00.000Z", descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1032104", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032104", }, { name: "73995", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/73995", }, { name: "MS15-033", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-1641", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1032104", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032104", }, { name: "73995", refsource: "BID", url: "http://www.securityfocus.com/bid/73995", }, { name: "MS15-033", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-1641", datePublished: "2015-04-14T20:00:00.000Z", dateReserved: "2015-02-17T00:00:00.000Z", dateUpdated: "2025-02-10T19:34:23.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1649 (GCVE-0-2015-1649)
Vulnerability from cvelistv5
Published
2015-04-14 20:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032104 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:47:17.761Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1032104", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032104", }, { name: "MS15-033", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-14T00:00:00", descriptions: [ { lang: "en", value: "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1032104", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032104", }, { name: "MS15-033", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-1649", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1032104", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032104", }, { name: "MS15-033", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-1649", datePublished: "2015-04-14T20:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:47:17.761Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21716 (GCVE-0-2023-21716)
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-02-28 21:13
Severity ?
EPSS score ?
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC for Mac 2021 |
Version: 16.0.1 < 16.70.23021201 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21716", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:05.782542Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:13:53.143Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.70.23021201", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20478", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20478", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10395.20001", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "16.70.23021201", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5383.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10395.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5383.1000", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.70.23021201", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20478", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20478", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10395.20001", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.70.23021201", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5383.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10395.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5383.1000", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Word Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:18.719Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21716", datePublished: "2023-02-14T19:33:45.678Z", dateReserved: "2022-12-13T18:08:03.491Z", dateUpdated: "2025-02-28T21:13:53.143Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-24068 (GCVE-0-2021-24068)
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office Web Apps Server 2013 Service Pack 1 |
Version: 15.0.1 < publication cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:21:17.242Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-02-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T22:33:30.360Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-24068", datePublished: "2021-02-25T23:01:34", dateReserved: "2021-01-13T00:00:00", dateUpdated: "2024-08-03T19:21:17.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-7230 (GCVE-0-2016-7230)
Vulnerability from cvelistv5
Published
2016-11-10 06:16
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1037246 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/94006 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:57:46.726Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-133", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { name: "1037246", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037246", }, { name: "94006", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94006", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-11-08T00:00:00", descriptions: [ { lang: "en", value: "Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-133", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { name: "1037246", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037246", }, { name: "94006", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94006", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-7230", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-133", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133", }, { name: "1037246", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037246", }, { name: "94006", refsource: "BID", url: "http://www.securityfocus.com/bid/94006", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-7230", datePublished: "2016-11-10T06:16:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T01:57:46.726Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0054 (GCVE-0-2016-0054)
Vulnerability from cvelistv5
Published
2016-02-10 11:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034976 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:08:12.779Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1034976", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034976", }, { name: "MS16-015", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-09T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1034976", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034976", }, { name: "MS16-015", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-0054", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1034976", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034976", }, { name: "MS16-015", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-0054", datePublished: "2016-02-10T11:00:00", dateReserved: "2015-12-04T00:00:00", dateUpdated: "2024-08-05T22:08:12.779Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2010-3214 (GCVE-0-2010-3214)
Vulnerability from cvelistv5
Published
2010-10-13 18:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/514302/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-285A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:03:18.635Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20101014 VUPEN Security Research - Microsoft Office Word Document Stack Overflow Vulnerability (CVE-2010-3214)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/514302/100/0/threaded", }, { name: "MS10-079", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079", }, { name: "TA10-285A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", }, { name: "oval:org.mitre.oval:def:7322", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-10-12T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka \"Word Stack Overflow Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "20101014 VUPEN Security Research - Microsoft Office Word Document Stack Overflow Vulnerability (CVE-2010-3214)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/514302/100/0/threaded", }, { name: "MS10-079", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079", }, { name: "TA10-285A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", }, { name: "oval:org.mitre.oval:def:7322", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2010-3214", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka \"Word Stack Overflow Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20101014 VUPEN Security Research - Microsoft Office Word Document Stack Overflow Vulnerability (CVE-2010-3214)", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/514302/100/0/threaded", }, { name: "MS10-079", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079", }, { name: "TA10-285A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", }, { name: "oval:org.mitre.oval:def:7322", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2010-3214", datePublished: "2010-10-13T18:00:00", dateReserved: "2010-09-03T00:00:00", dateUpdated: "2024-08-07T03:03:18.635Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1034 (GCVE-0-2019-1034)
Vulnerability from cvelistv5
Published
2019-06-12 13:49
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1035.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server |
Version: 2010 Service Pack 2 Version: 2019 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:06:31.641Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2019", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2016 for Mac", }, { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "2019 for Mac", }, ], }, { product: "Microsoft Office Web Apps", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Office 365 ProPlus", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "64-bit Systems", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1035.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-12T13:49:40", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1034", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2019", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2016 for Mac", }, { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "2019 for Mac", }, ], }, }, { product_name: "Microsoft Office Web Apps", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Office 365 ProPlus", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "64-bit Systems", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1035.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1034", datePublished: "2019-06-12T13:49:40", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:06:31.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-7193 (GCVE-0-2016-7193)
Vulnerability from cvelistv5
Published
2016-10-14 01:00
Modified
2025-02-04 14:04
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93372 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1036984 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:50:47.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "93372", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93372", }, { name: "MS16-121", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121", }, { name: "1036984", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036984", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2016-7193", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T14:03:53.430430Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-7193", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T14:04:00.841Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-11T00:00:00.000Z", descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "93372", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93372", }, { name: "MS16-121", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121", }, { name: "1036984", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036984", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-7193", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "93372", refsource: "BID", url: "http://www.securityfocus.com/bid/93372", }, { name: "MS16-121", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121", }, { name: "1036984", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036984", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-7193", datePublished: "2016-10-14T01:00:00.000Z", dateReserved: "2016-09-09T00:00:00.000Z", dateUpdated: "2025-02-04T14:04:00.841Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-8512 (GCVE-0-2017-8512)
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98816 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038668 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services. |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:41:22.314Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "98816", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98816", }, { name: "1038668", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038668", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services.", }, ], }, ], datePublic: "2017-06-13T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-07T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "98816", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98816", }, { name: "1038668", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038668", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-8512", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services.", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "98816", refsource: "BID", url: "http://www.securityfocus.com/bid/98816", }, { name: "1038668", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038668", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-8512", datePublished: "2017-06-15T01:00:00", dateReserved: "2017-05-03T00:00:00", dateUpdated: "2024-08-05T16:41:22.314Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-8631 (GCVE-0-2017-8631)
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-16 23:32
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/100751 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:41:24.205Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "100751", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631", }, { name: "1039315", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039315", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server", }, ], }, ], datePublic: "2017-09-12T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-13T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "100751", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100751", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631", }, { name: "1039315", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039315", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2017-09-12T00:00:00", ID: "CVE-2017-8631", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "100751", refsource: "BID", url: "http://www.securityfocus.com/bid/100751", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631", }, { name: "1039315", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039315", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-8631", datePublished: "2017-09-13T01:00:00Z", dateReserved: "2017-05-03T00:00:00", dateUpdated: "2024-09-16T23:32:04.447Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3279 (GCVE-0-2016-3279)
Vulnerability from cvelistv5
Published
2016-07-13 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036274 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036275 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/91587 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:59.157Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1036274", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036274", }, { name: "1036275", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036275", }, { name: "MS16-088", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, { name: "91587", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91587", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-07-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka \"Microsoft Office Remote Code Execution Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1036274", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036274", }, { name: "1036275", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036275", }, { name: "MS16-088", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, { name: "91587", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91587", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-3279", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka \"Microsoft Office Remote Code Execution Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1036274", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036274", }, { name: "1036275", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036275", }, { name: "MS16-088", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088", }, { name: "91587", refsource: "BID", url: "http://www.securityfocus.com/bid/91587", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-3279", datePublished: "2016-07-13T01:00:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:47:59.157Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-7290 (GCVE-0-2016-7290)
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94670 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:57:47.422Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-148", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { name: "94670", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94670", }, { name: "1037441", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037441", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-13T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7291.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-148", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { name: "94670", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94670", }, { name: "1037441", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037441", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-7290", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7291.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-148", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { name: "94670", refsource: "BID", url: "http://www.securityfocus.com/bid/94670", }, { name: "1037441", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037441", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-7290", datePublished: "2016-12-20T05:54:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T01:57:47.422Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-2539 (GCVE-0-2012-2539)
Vulnerability from cvelistv5
Published
2012-12-12 00:00
Modified
2025-02-10 19:01
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-346A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:34:25.771Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA12-346A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-346A.html", }, { name: "MS12-079", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079", }, { name: "oval:org.mitre.oval:def:16073", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2012-2539", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T19:01:25.331995Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-28", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-2539", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T19:01:29.021Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-12-11T00:00:00.000Z", descriptions: [ { lang: "en", value: "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"Word RTF 'listoverridecount' Remote Code Execution Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA12-346A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-346A.html", }, { name: "MS12-079", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079", }, { name: "oval:org.mitre.oval:def:16073", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-2539", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"Word RTF 'listoverridecount' Remote Code Execution Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA12-346A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-346A.html", }, { name: "MS12-079", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079", }, { name: "oval:org.mitre.oval:def:16073", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-2539", datePublished: "2012-12-12T00:00:00.000Z", dateReserved: "2012-05-09T00:00:00.000Z", dateUpdated: "2025-02-10T19:01:29.021Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-11826 (GCVE-0-2017-11826)
Vulnerability from cvelistv5
Published
2017-10-13 13:00
Modified
2025-02-10 14:50
Severity ?
EPSS score ?
Summary
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826 | x_refsource_CONFIRM | |
| https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/101219 | vdb-entry, x_refsource_BID | |
| https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/ | x_refsource_MISC | |
| http://www.securitytracker.com/id/1039541 | vdb-entry, x_refsource_SECTRACK | |
| https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server. |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T18:19:39.293Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html", }, { name: "101219", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/101219", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/", }, { name: "1039541", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039541", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2017-11826", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T14:43:12.282167Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-11826", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T14:50:33.379Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server.", }, ], }, ], datePublic: "2017-10-10T00:00:00.000Z", descriptions: [ { lang: "en", value: "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-11T23:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826", }, { tags: [ "x_refsource_MISC", ], url: "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html", }, { name: "101219", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/101219", }, { tags: [ "x_refsource_MISC", ], url: "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/", }, { name: "1039541", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039541", }, { tags: [ "x_refsource_MISC", ], url: "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2017-10-10T00:00:00", ID: "CVE-2017-11826", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server.", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826", }, { name: "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html", refsource: "MISC", url: "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html", }, { name: "101219", refsource: "BID", url: "http://www.securityfocus.com/bid/101219", }, { name: "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/", refsource: "MISC", url: "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/", }, { name: "1039541", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039541", }, { name: "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/", refsource: "MISC", url: "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-11826", datePublished: "2017-10-13T13:00:00.000Z", dateReserved: "2017-07-31T00:00:00.000Z", dateUpdated: "2025-02-10T14:50:33.379Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-0919 (GCVE-0-2018-0919)
Vulnerability from cvelistv5
Published
2018-03-14 17:00
Modified
2024-09-17 00:41
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040526 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103311 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:44:11.594Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1040526", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040526", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919", }, { name: "103311", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103311", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016", }, ], }, ], datePublic: "2018-03-14T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka \"Microsoft Office Information Disclosure Vulnerability\".", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-15T09:57:02", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1040526", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040526", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919", }, { name: "103311", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103311", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2018-03-14T00:00:00", ID: "CVE-2018-0919", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka \"Microsoft Office Information Disclosure Vulnerability\".", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "1040526", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040526", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919", }, { name: "103311", refsource: "BID", url: "http://www.securityfocus.com/bid/103311", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-0919", datePublished: "2018-03-14T17:00:00Z", dateReserved: "2017-12-01T00:00:00", dateUpdated: "2024-09-17T00:41:29.189Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1503 (GCVE-0-2020-1503)
Vulnerability from cvelistv5
Published
2020-08-17 19:13
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1503 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.374Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1503", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2016 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1 ", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], datePublic: "2020-08-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.\n", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:33:04.458Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1503", }, ], title: "Microsoft Word Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1503", datePublished: "2020-08-17T19:13:18", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1028 (GCVE-0-2018-1028)
Vulnerability from cvelistv5
Published
2018-04-12 01:00
Modified
2024-08-05 03:44
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040654 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/103641 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Word |
Version: Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 Version: Automation Services on Microsoft SharePoint Server 2013 Service Pack 1 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:44:11.716Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028", }, { name: "1040654", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040654", }, { name: "103641", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103641", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Word", vendor: "Microsoft", versions: [ { status: "affected", version: "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2", }, { status: "affected", version: "Automation Services on Microsoft SharePoint Server 2013 Service Pack 1", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "Web Apps 2010 Service Pack 2", }, { status: "affected", version: "Web Apps Server 2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint", vendor: "Microsoft", versions: [ { status: "affected", version: "Enterprise Server 2016", }, ], }, { product: "Excel", vendor: "Microsoft", versions: [ { status: "affected", version: "Services on Microsoft SharePoint Enterprise Server 2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], datePublic: "2018-04-11T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka \"Microsoft Office Graphics Remote Code Execution Vulnerability.\" This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-12T09:57:02", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028", }, { name: "1040654", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040654", }, { name: "103641", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103641", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-1028", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Word", version: { version_data: [ { version_value: "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2", }, { version_value: "Automation Services on Microsoft SharePoint Server 2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "Web Apps 2010 Service Pack 2", }, { version_value: "Web Apps Server 2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Enterprise Server 2016", }, ], }, }, { product_name: "Excel", version: { version_data: [ { version_value: "Services on Microsoft SharePoint Enterprise Server 2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka \"Microsoft Office Graphics Remote Code Execution Vulnerability.\" This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028", }, { name: "1040654", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040654", }, { name: "103641", refsource: "BID", url: "http://www.securityfocus.com/bid/103641", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-1028", datePublished: "2018-04-12T01:00:00", dateReserved: "2017-12-01T00:00:00", dateUpdated: "2024-08-05T03:44:11.716Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-7291 (GCVE-0-2016-7291)
Vulnerability from cvelistv5
Published
2016-12-20 05:54
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/94671 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037441 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:57:47.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-148", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { name: "94671", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94671", }, { name: "1037441", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037441", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-13T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7290.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-148", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { name: "94671", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94671", }, { name: "1037441", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037441", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-7291", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7290.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-148", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148", }, { name: "94671", refsource: "BID", url: "http://www.securityfocus.com/bid/94671", }, { name: "1037441", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037441", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-7291", datePublished: "2016-12-20T05:54:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T01:57:47.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-1860 (GCVE-0-2012-1860)
Vulnerability from cvelistv5
Published
2012-07-10 21:00
Modified
2024-08-06 19:08
Severity ?
EPSS score ?
Summary
Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:08:38.512Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15265", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-07-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka \"SharePoint Search Scope Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15265", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-1860", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka \"SharePoint Search Scope Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS12-050", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15265", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-1860", datePublished: "2012-07-10T21:00:00", dateReserved: "2012-03-22T00:00:00", dateUpdated: "2024-08-06T19:08:38.512Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1335 (GCVE-0-2020-1335)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:32
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1335 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:32:01.210Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1335", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:57.530Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1335", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1335", datePublished: "2020-09-11T17:09:14", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:32:01.210Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27053 (GCVE-0-2021-27053)
Vulnerability from cvelistv5
Published
2021-03-11 15:46
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-332/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:40:47.298Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-332/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], datePublic: "2021-03-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:09:23.543Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-332/", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-27053", datePublished: "2021-03-11T15:46:11", dateReserved: "2021-02-10T00:00:00", dateUpdated: "2024-08-03T20:40:47.298Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0025 (GCVE-0-2016-0025)
Vulnerability from cvelistv5
Published
2016-06-16 01:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1036093 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:08:12.432Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-070", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070", }, { name: "1036093", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036093", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-14T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-070", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070", }, { name: "1036093", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036093", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-0025", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-070", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070", }, { name: "1036093", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036093", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-0025", datePublished: "2016-06-16T01:00:00", dateReserved: "2015-12-04T00:00:00", dateUpdated: "2024-08-05T22:08:12.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-8511 (GCVE-0-2017-8511)
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98815 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps Server 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016 for Mac, Microsoft PowerPoint for Mac 2011, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, and Microsoft SharePoint Enterprise Server 2016. |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:41:22.292Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "98815", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98815", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps Server 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016 for Mac, Microsoft PowerPoint for Mac 2011, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, and Microsoft SharePoint Enterprise Server 2016.", }, ], }, ], datePublic: "2017-06-13T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-15T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "98815", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98815", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-8511", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps Server 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016 for Mac, Microsoft PowerPoint for Mac 2011, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, and Microsoft SharePoint Enterprise Server 2016.", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "98815", refsource: "BID", url: "http://www.securityfocus.com/bid/98815", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-8511", datePublished: "2017-06-15T01:00:00", dateReserved: "2017-05-03T00:00:00", dateUpdated: "2024-08-05T16:41:22.292Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16932 (GCVE-0-2020-16932)
Vulnerability from cvelistv5
Published
2020-10-16 22:17
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1253/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.867Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1253/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:19:54.513Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1253/", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16932", datePublished: "2020-10-16T22:17:54", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.867Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3889 (GCVE-0-2013-3889)
Vulnerability from cvelistv5
Published
2013-10-09 14:44
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-288A | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:22:01.366Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-084", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084", }, { name: "TA13-288A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-288A", }, { name: "oval:org.mitre.oval:def:19132", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132", }, { name: "MS13-085", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085", }, { name: "oval:org.mitre.oval:def:18901", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-10-08T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Excel Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-084", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084", }, { name: "TA13-288A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-288A", }, { name: "oval:org.mitre.oval:def:19132", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132", }, { name: "MS13-085", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085", }, { name: "oval:org.mitre.oval:def:18901", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-3889", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Excel Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-084", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084", }, { name: "TA13-288A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-288A", }, { name: "oval:org.mitre.oval:def:19132", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132", }, { name: "MS13-085", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085", }, { name: "oval:org.mitre.oval:def:18901", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-3889", datePublished: "2013-10-09T14:44:00", dateReserved: "2013-06-03T00:00:00", dateUpdated: "2024-08-06T16:22:01.366Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3895 (GCVE-0-2013-3895)
Vulnerability from cvelistv5
Published
2013-10-09 14:44
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-288A | third-party-advisory, x_refsource_CERT | |
| http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18991 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:22:01.505Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-084", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084", }, { name: "TA13-288A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-288A", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx", }, { name: "oval:org.mitre.oval:def:18991", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18991", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-10-08T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka \"Parameter Injection Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-084", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084", }, { name: "TA13-288A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-288A", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx", }, { name: "oval:org.mitre.oval:def:18991", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18991", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-3895", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka \"Parameter Injection Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-084", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084", }, { name: "TA13-288A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-288A", }, { name: "http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx", refsource: "CONFIRM", url: "http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx", }, { name: "oval:org.mitre.oval:def:18991", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18991", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-3895", datePublished: "2013-10-09T14:44:00", dateReserved: "2013-06-03T00:00:00", dateUpdated: "2024-08-06T16:22:01.505Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-1892 (GCVE-0-2011-1892)
Vulnerability from cvelistv5
Published
2011-09-15 10:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | vendor-advisory, x_refsource_MS | |
| http://securityreason.com/securityalert/8386 | third-party-advisory, x_refsource_SREASON | |
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:46:00.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "8386", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/8386", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { name: "oval:org.mitre.oval:def:12907", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-09-13T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "8386", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/8386", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { name: "oval:org.mitre.oval:def:12907", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2011-1892", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS11-074", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "8386", refsource: "SREASON", url: "http://securityreason.com/securityalert/8386", }, { name: "TA11-256A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { name: "oval:org.mitre.oval:def:12907", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2011-1892", datePublished: "2011-09-15T10:00:00", dateReserved: "2011-05-04T00:00:00", dateUpdated: "2024-08-06T22:46:00.763Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-1716 (GCVE-0-2021-1716)
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-10-08 16:17
Severity ?
EPSS score ?
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1716 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office Web Apps Server 2013 Service Pack 1 |
Version: 15.0.1 < publication cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:11.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1716", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], datePublic: "2021-01-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Word Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:17:44.772Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1716", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1716", datePublished: "2021-01-12T19:42:44", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-10-08T16:17:44.772Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3357 (GCVE-0-2016-3357)
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92786 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://www.exploit-db.com/exploits/40406/ | exploit, x_refsource_EXPLOIT-DB | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:56:12.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "92786", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92786", }, { name: "1036785", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036785", }, { name: "40406", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40406/", }, { name: "MS16-107", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-13T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "92786", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92786", }, { name: "1036785", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036785", }, { name: "40406", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40406/", }, { name: "MS16-107", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-3357", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "92786", refsource: "BID", url: "http://www.securityfocus.com/bid/92786", }, { name: "1036785", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036785", }, { name: "40406", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/40406/", }, { name: "MS16-107", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-3357", datePublished: "2016-09-14T10:00:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:56:12.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1442 (GCVE-0-2020-1442)
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office Online Server |
Version: unspecified |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:09.664Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Office Web Apps", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-14T22:54:44", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1442", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Office Web Apps", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1442", datePublished: "2020-07-14T22:54:44", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:09.664Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3234 (GCVE-0-2016-3234)
Vulnerability from cvelistv5
Published
2016-06-16 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1036093 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:59.174Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-070", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070", }, { name: "1036093", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036093", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-14T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-070", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070", }, { name: "1036093", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036093", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-3234", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-070", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070", }, { name: "1036093", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036093", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-3234", datePublished: "2016-06-16T01:00:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:47:59.174Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-8509 (GCVE-0-2017-8509)
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98812 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:41:23.029Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509", }, { name: "98812", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98812", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016", }, ], }, ], datePublic: "2017-06-13T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-15T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509", }, { name: "98812", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98812", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-8509", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509", }, { name: "98812", refsource: "BID", url: "http://www.securityfocus.com/bid/98812", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-8509", datePublished: "2017-06-15T01:00:00", dateReserved: "2017-05-03T00:00:00", dateUpdated: "2024-08-05T16:41:23.029Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0892 (GCVE-0-2020-0892)
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "2019 for Mac", }, { status: "affected", version: "2016 for Mac", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, ], }, { product: "Office 365 ProPlus", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "64-bit Systems", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, ], }, { product: "Microsoft Office Web Apps", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-12T15:48:55", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0892", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "2019 for Mac", }, { version_value: "2016 for Mac", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, ], }, }, { product_name: "Office 365 ProPlus", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "64-bit Systems", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Web Apps", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0892", datePublished: "2020-03-12T15:48:55", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-0254 (GCVE-0-2017-0254)
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98101 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038443 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016. |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:55:19.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254", }, { name: "98101", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98101", }, { name: "1038443", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038443", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016.", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-07T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254", }, { name: "98101", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98101", }, { name: "1038443", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038443", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0254", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016.", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254", }, { name: "98101", refsource: "BID", url: "http://www.securityfocus.com/bid/98101", }, { name: "1038443", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038443", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0254", datePublished: "2017-05-12T14:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T12:55:19.232Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-2528 (GCVE-0-2012-2528)
Vulnerability from cvelistv5
Published
2012-10-09 21:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/55781 | vdb-entry, x_refsource_BID | |
| http://www.us-cert.gov/cas/techalerts/TA12-283A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:34:25.911Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:15680", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680", }, { name: "55781", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/55781", }, { name: "TA12-283A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { name: "MS12-064", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-10-09T00:00:00", descriptions: [ { lang: "en", value: "Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka \"RTF File listid Use-After-Free Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:15680", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680", }, { name: "55781", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/55781", }, { name: "TA12-283A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { name: "MS12-064", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-2528", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka \"RTF File listid Use-After-Free Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:15680", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680", }, { name: "55781", refsource: "BID", url: "http://www.securityfocus.com/bid/55781", }, { name: "TA12-283A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { name: "MS12-064", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-2528", datePublished: "2012-10-09T21:00:00", dateReserved: "2012-05-09T00:00:00", dateUpdated: "2024-08-06T19:34:25.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-0020 (GCVE-0-2017-0020)
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:47
Severity ?
EPSS score ?
Summary
Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038010 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96050 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Office |
Version: Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:47:57.684Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038010", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038010", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020", }, { name: "96050", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96050", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1", }, ], }, ], datePublic: "2017-03-14T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1038010", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038010", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020", }, { name: "96050", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96050", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0020", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Office", version: { version_data: [ { version_value: "Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "1038010", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038010", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020", }, { name: "96050", refsource: "BID", url: "http://www.securityfocus.com/bid/96050", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0020", datePublished: "2017-03-17T00:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T12:47:57.684Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16929 (GCVE-0-2020-16929)
Vulnerability from cvelistv5
Published
2020-10-16 22:17
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1251/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 |
Version: 15.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.739Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1251/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2016 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel_web_app:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Excel Web App 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:19:53.016Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1251/", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16929", datePublished: "2020-10-16T22:17:52", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.739Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1342 (GCVE-0-2020-1342)
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:32
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:32:01.184Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "2019 for Mac", }, { status: "affected", version: "2016 for Mac", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft 365 Apps for Enterprise for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft 365 Apps for Enterprise for 64-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, ], }, { product: "Microsoft Office Web Apps", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-14T22:54:04", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1342", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "2019 for Mac", }, { version_value: "2016 for Mac", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft 365 Apps for Enterprise for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft 365 Apps for Enterprise for 64-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Web Apps", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1342", datePublished: "2020-07-14T22:54:04", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:32:01.184Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-24070 (GCVE-0-2021-24070)
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24070 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office Web Apps Server 2013 Service Pack 1 |
Version: 15.0.1 < publication cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:21:17.273Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24070", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*", ], platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "https://aka.ms/OfficeSecurityReleases", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-02-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T22:33:31.368Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24070", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-24070", datePublished: "2021-02-25T23:01:35", dateReserved: "2021-01-13T00:00:00", dateUpdated: "2024-08-03T19:21:17.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-38655 (GCVE-0-2021-38655)
Vulnerability from cvelistv5
Published
2021-09-15 11:24
Modified
2024-08-04 01:51
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38655 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1080/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:51:19.133Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38655", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1080/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "16.53.21091200", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "10378.20000", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "5215.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5381.1000", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5381.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], datePublic: "2021-09-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T19:37:30.114Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38655", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1080/", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-38655", datePublished: "2021-09-15T11:24:14", dateReserved: "2021-08-13T00:00:00", dateUpdated: "2024-08-04T01:51:19.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-1715 (GCVE-0-2021-1715)
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-10-08 16:17
Severity ?
EPSS score ?
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1715 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:11.480Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1715", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], datePublic: "2021-01-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Word Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:17:44.178Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1715", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1715", datePublished: "2021-01-12T19:42:43", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-10-08T16:17:44.178Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-1761 (GCVE-0-2014-1761)
Vulnerability from cvelistv5
Published
2014-03-24 19:00
Modified
2025-02-10 19:30
Severity ?
EPSS score ?
Summary
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 | vendor-advisory, x_refsource_MS | |
| http://technet.microsoft.com/security/advisory/2953095 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:50:11.185Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS14-017", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://technet.microsoft.com/security/advisory/2953095", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2014-1761", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T19:29:57.899063Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-02-15", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-1761", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T19:30:02.735Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-03-24T00:00:00.000Z", descriptions: [ { lang: "en", value: "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS14-017", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://technet.microsoft.com/security/advisory/2953095", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2014-1761", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS14-017", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017", }, { name: "http://technet.microsoft.com/security/advisory/2953095", refsource: "CONFIRM", url: "http://technet.microsoft.com/security/advisory/2953095", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2014-1761", datePublished: "2014-03-24T19:00:00.000Z", dateReserved: "2014-01-29T00:00:00.000Z", dateUpdated: "2025-02-10T19:30:02.735Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-8632 (GCVE-0-2017-8632)
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100734 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039315 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:41:24.214Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632", }, { name: "100734", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100734", }, { name: "1039315", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039315", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3", }, ], }, ], datePublic: "2017-09-12T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-13T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632", }, { name: "100734", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100734", }, { name: "1039315", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039315", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2017-09-12T00:00:00", ID: "CVE-2017-8632", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632", }, { name: "100734", refsource: "BID", url: "http://www.securityfocus.com/bid/100734", }, { name: "1039315", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039315", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-8632", datePublished: "2017-09-13T01:00:00Z", dateReserved: "2017-05-03T00:00:00", dateUpdated: "2024-09-17T04:20:07.139Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17125 (GCVE-0-2020-17125)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", ], platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Office Web Apps 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T18:00:05.363Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17125", datePublished: "2020-12-09T23:36:47", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.356Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0980 (GCVE-0-2020-0980)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.619Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "2019 for Mac", }, { status: "affected", version: "2016 for Mac", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, ], }, { product: "Office 365 ProPlus", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "64-bit Systems", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, ], }, { product: "Microsoft Office Web Apps", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:13:13", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0980", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "2019 for Mac", }, { version_value: "2016 for Mac", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, ], }, }, { product_name: "Office 365 ProPlus", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "64-bit Systems", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Web Apps", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0980", datePublished: "2020-04-15T15:13:13", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.619Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }