Vulnerabilites related to microsoft - onenote
Vulnerability from fkie_nvd
Published
2017-04-12 14:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "83434795-4772-48E2-B604-9AAC6ECDE0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "18AE1481-1E92-42F9-9E2E-C9C19353E580",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office DLL Loading Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft OneNote 2007 SP3 y Microsoft OneNote 2010 SP2 permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office DLL Loading Vulnerability\"."
}
],
"id": "CVE-2017-0197",
"lastModified": "2024-11-21T03:02:32.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-12T14:59:01.123",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97411"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038241"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-15 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98812 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98812 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | onenote | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "DE50A4D0-ABF4-4EB2-AF63-C8D7E9920099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "B850873B-E635-439C-9720-8BBE59120EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Microsoft Office cuando el software no maneja apropiadamente los objetos en la memoria, tambi\u00e9n se conoce como \"Office Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260 y CVE-2017-8506."
}
],
"id": "CVE-2017-8509",
"lastModified": "2024-11-21T03:34:09.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-15T01:29:03.820",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98812"
},
{
"source": "secure@microsoft.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-14 00:15
Modified
2024-11-21 08:04
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Microsoft OneNote Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E92C5E61-C3A9-46BE-ABA1-2B83E68F9929",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote Spoofing Vulnerability"
}
],
"id": "CVE-2023-33140",
"lastModified": "2024-11-21T08:04:58.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-06-14T00:15:12.433",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-09 21:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "83434795-4772-48E2-B604-9AAC6ECDE0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "18AE1481-1E92-42F9-9E2E-C9C19353E580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE03F7A7-90F4-4D41-9529-B36937CD94D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "BBB1E19F-6870-429A-AB66-D7BBF3845AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "80F1EA3D-FD2D-4CB2-A93A-DFAD3187AFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "91F0608A-554C-489C-859F-49A8F895D27A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Microsoft OneNote Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016 y 2016 para Mac permiten a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un archivo OneNote manipulado, tambi\u00e9n conocida como \"Microsoft OneNote Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2016-3315",
"lastModified": "2024-11-21T02:49:47.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-09T21:59:21.677",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/92294"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036559"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-06 23:15
Modified
2024-11-21 08:10
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Microsoft OneNote Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:-:*:*:*",
"matchCriteriaId": "B387F71D-A159-4960-9C4D-62EDBAAFC02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "BBB1E19F-6870-429A-AB66-D7BBF3845AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "80F1EA3D-FD2D-4CB2-A93A-DFAD3187AFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD3B005-5BCF-49F2-978E-9095006A708C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2021:*:*:*:ltsc:*:*:*",
"matchCriteriaId": "188051CE-EEDE-4D08-87E9-396CA06271CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft OneNote"
}
],
"id": "CVE-2023-36769",
"lastModified": "2024-11-21T08:10:33.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-06T23:15:10.373",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:16
Modified
2025-01-27 18:34
Severity ?
Summary
Microsoft Office OneNote Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:macos:*:*",
"matchCriteriaId": "0DF36AFA-B48C-4423-AD1C-78EEFF85EF2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:macos:*:*",
"matchCriteriaId": "873BD998-9D5A-4C09-A3B3-4DB12ABB6F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:-:*:*:*:*:macos:*:*",
"matchCriteriaId": "C4EC14DE-82C6-495B-BFD8-8D1FA781D50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office OneNote Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Office OneNote"
}
],
"id": "CVE-2025-21402",
"lastModified": "2025-01-27T18:34:23.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:16:04.190",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-641"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-14 20:15
Modified
2024-11-21 07:43
Severity ?
Summary
Microsoft OneNote Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:*:*:*:*:*:android:*:*",
"matchCriteriaId": "4FB4760C-41F5-4D36-AB69-163AD6B9E158",
"versionEndExcluding": "16.0.16026.20158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote Elevation of Privilege Vulnerability"
}
],
"id": "CVE-2023-21721",
"lastModified": "2024-11-21T07:43:30.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2023-02-14T20:15:14.680",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-03 01:28
Modified
2024-11-21 00:26
Severity ?
Summary
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | access | 2000 | |
| microsoft | access | 2002 | |
| microsoft | access | 2003 | |
| microsoft | excel | 2000 | |
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2004 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | frontpage | 2000 | |
| microsoft | frontpage | 2002 | |
| microsoft | frontpage | 2003 | |
| microsoft | infopath | 2003 | |
| microsoft | office | 2000 | |
| microsoft | office | 2003 | |
| microsoft | office | 2004 | |
| microsoft | office | xp | |
| microsoft | onenote | 2003 | |
| microsoft | outlook | 2000 | |
| microsoft | outlook | 2002 | |
| microsoft | outlook | 2003 | |
| microsoft | powerpoint | 2000 | |
| microsoft | powerpoint | 2002 | |
| microsoft | powerpoint | 2003 | |
| microsoft | powerpoint | 2004 | |
| microsoft | project | 2000 | |
| microsoft | project | 2002 | |
| microsoft | project | 2003 | |
| microsoft | publisher | 2000 | |
| microsoft | publisher | 2002 | |
| microsoft | publisher | 2003 | |
| microsoft | visio | 2002 | |
| microsoft | visio | 2003 | |
| microsoft | word | 2000 | |
| microsoft | word | 2002 | |
| microsoft | word | 2003 | |
| microsoft | word_viewer | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "90D7BA07-3BCA-41CF-B5D3-341E912650A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "83DFFFF4-EA09-48C5-A600-A62C1A1A7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4AE5AF-C83E-4802-B75C-0058742A4997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "F55D42D5-7371-47C2-BF55-B7F51C19B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "CE1A1218-8033-4F3C-B8D7-7D1D61A273E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C6629C-BF53-49A1-B32C-A828CA0A0500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
"matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "3E392539-ABF6-4B5C-AEC3-C54B51E0DB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "794FCFBF-2D55-4ECE-825E-180616DB35FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*",
"matchCriteriaId": "6F0EF69E-52BA-4D7C-B470-CB4A92DA7EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "95648599-D3B3-4043-821C-D385FB7A77CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBFF713-0884-43BF-9AB8-777664FD64AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de vectores de ataque desconocidos, como es demostrado por el archivo Exploit-MSExcel.h en ataques de d\u00eda cero dirigidos."
}
],
"id": "CVE-2007-0671",
"lastModified": "2024-11-21T00:26:27.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-03T01:28:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/31901"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24008"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1017584"
},
{
"source": "secure@microsoft.com",
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"source": "secure@microsoft.com",
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/22383"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/31901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-11 11:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034117 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1034119 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1034122 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034117 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034119 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034122 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:access:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AAB5D3AF-369A-48A0-BFA1-9F0D1ACE1F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "7122C5BF-C7C8-4B20-AACF-03F0ED83A7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3E995599-F698-4E73-9401-4CA47FADFCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0E42DC73-F1D0-47CD-BED8-DB2C6E044E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4C919D14-520A-4C10-850F-14AA80BF4B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA2DE6A4-A857-4BE3-B7EA-3C3A6B05DFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C1273DC0-2188-4D5C-963D-761683B93A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8B854E18-7CB0-43F7-9EBF-E356FA176B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2007_ime:sp3:*:*:ja:*:*:*:*",
"matchCriteriaId": "ABB6C9AE-3F75-4F94-A295-A5A31A2BE0F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "83434795-4772-48E2-B604-9AAC6ECDE0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "18AE1481-1E92-42F9-9E2E-C9C19353E580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE03F7A7-90F4-4D41-9529-B36937CD94D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "BBB1E19F-6870-429A-AB66-D7BBF3845AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "80F1EA3D-FD2D-4CB2-A93A-DFAD3187AFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:pinyin_ime:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "B73F56F0-4983-48F8-A34B-CBA8B023AE62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2E98C5-71A4-4014-AFC4-5438FEC196D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "36A1FA52-BFBD-4C88-9CBE-B68E55C75726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "904623F9-BEC4-4D9C-AC7E-AFBFFDF928CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA3A3C2-DB00-4095-B445-5A5041EB3194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0B02D845-F95D-44D7-AB4C-2E464C3AB783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "597153BC-B8A7-45E5-AE3F-D897FAE4C7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8AB29E20-496D-4CDA-918B-40E4ABB3ECBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "78E9611F-1DE1-4FB2-9C70-16602FFC73C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EB39B6EE-BC01-4D21-A3D8-CDDA268C55FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3AA120-CE06-40A3-ADC4-C42077509287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "D499807D-91F3-447D-B9F0-D612898C9339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "387D78BD-2368-4525-BFC2-52149585E1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ED0408B6-4FB5-45E9-AD27-301FC383152D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japon\u00e9s) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016 y Lync 2013 SP1 permiten a atacantes remotos eludir un mecanismo de protecci\u00f3n sandbox y obtener privilegios a trav\u00e9s de una p\u00e1gina web manipulada a la que se accede con Internet Explorer, seg\u00fan lo demostrado por una transici\u00f3n de Low Integrity a Medium Integrity, tambi\u00e9n conocida como \u0027Microsoft Office Elevation of Privilege Vulnerability\u0027."
}
],
"id": "CVE-2015-2503",
"lastModified": "2024-11-21T02:27:30.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-11-11T11:59:18.423",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034117"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034119"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-28 04:00
Modified
2024-11-20 23:47
Severity ?
Summary
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.0:sp2:sdk:*:*:*:*:*",
"matchCriteriaId": "644D1C0E-482D-4C6D-AE9D-6B1F99306BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:digital_image_pro:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DED35E4C-1108-44AE-BA55-A008EB9864ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:digital_image_pro:9:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC28680-6FA1-424A-BB8D-5E37E04D4089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:digital_image_suite:9:*:*:*:*:*:*:*",
"matchCriteriaId": "370835D5-D28A-4961-B1B4-72E889596D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:greetings:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "69AFBA4D-6F42-4ED9-9DF4-4A9C29B3ED8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7EA4CC-E705-42DB-86B6-E229DA36B66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:picture_it:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D85EB5B-A9FE-497E-9922-6D6BDD0C6975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:picture_it:9:*:*:*:*:*:*:*",
"matchCriteriaId": "A27F0EA6-C023-47C5-8F26-7E8A665533F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:picture_it:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "337555B3-6318-41FE-9AD7-6CEAA46F0DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:producer:*:gold:office_powerpoints:*:*:*:*:*",
"matchCriteriaId": "999276CD-D074-4AB1-A53E-5133A3B7BFF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_basic:2002:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "B3B633A9-519A-4179-9F10-3C2C5C9BA6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_basic:2003:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "D6D51C0E-BFF4-46A0-A8FD-45BE591DA347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_c\\#:2002:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "1A1D8127-80AC-4D5B-9D1C-DA2406EF6666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_c\\#:2003:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "8916C0DE-2759-4F97-B7D7-0BCFDC41AB4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2002:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "F1090984-34A7-4A21-B903-3FF5E5AB7D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2003:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "A0BED5B2-5F57-4FC8-8B51-908A311B480B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_j\\#_.net:2003:*:.net_standard:*:*:*:*:*",
"matchCriteriaId": "CC13A32B-5F2A-42A4-95B5-D13EE78F013B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2002:gold:*:*:*:*:*:*",
"matchCriteriaId": "E17BD019-DD35-413E-ACBA-2E77C8A1247D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*",
"matchCriteriaId": "B9E6C132-4F4B-4FB0-9DDC-DD9750D8552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el motor de proceso de JPEG (JPG) en GDIPlus.dll, usado en varios productos de Microsoft, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un campo de longitud JPEG COM peque\u00f1o que es normalizado a una longitud de entero grande antes de una operaci\u00f3n de copia de memoria."
}
],
"id": "CVE-2004-0200",
"lastModified": "2024-11-20T23:47:59.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-09-28T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-07 23:41
Modified
2024-11-21 00:48
Severity ?
Summary
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | access | 2007 | |
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | frontpage | 2003 | |
| microsoft | groove | 2007 | |
| microsoft | infopath | 2003 | |
| microsoft | infopath | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office | 2007 | |
| microsoft | office_communicator | 2007 | |
| microsoft | onenote | 2003 | |
| microsoft | outlook | 2003 | |
| microsoft | outlook | 2007 | |
| microsoft | powerpoint | 2003 | |
| microsoft | powerpoint | 2007 | |
| microsoft | project_professional | 2007 | |
| microsoft | project_standard | 2007 | |
| microsoft | publisher | 2003 | |
| microsoft | publisher | 2007 | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | visio_professional | 2007 | |
| microsoft | visio_standard | 2007 | |
| microsoft | windows_live_mail | 2008 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:access:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4D3093-F17C-4BCF-8F4A-F15057C55F82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:groove:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "355F60DB-EC9A-4054-8023-BD16D5723C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A007966C-7620-4625-AD2B-6A147577EB54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_communicator:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "61116145-828F-479D-9267-76BAB633B23E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "D789259A-034E-40BB-9DFF-76B3104B212F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A947639C-B1D3-4297-B4BB-AD799C979BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project_professional:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "1C58C5D7-B6F0-4C95-A305-ED37629E2A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project_standard:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D468F3-894D-409E-A7CE-EAA5919362E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "190A4DF4-EA93-4E18-BA96-7A7AC48831F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "7E057F77-9197-4BC9-A0A1-A71850F59D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio_professional:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A72192-B10A-4E42-AE68-FE1CB8DA573F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio_standard:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9D837BA2-BAC0-4B72-A1DD-CB4A1CA5A347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_live_mail:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3CA537-AAF9-4356-AE7E-0AC14E5AFADF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
},
{
"lang": "es",
"value": "Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como las usadas en Outlook, Windows Live Mail, y Office 2007, realiza una lista de revocaci\u00f3n de certificado (CRL) utilizando una URL arbitraria de un certificado incluido en (1) mensaje de correo electr\u00f3nico S/MIME o (2) documento firmado, lo que permite a atacantes remotos conseguir tiempos de lectura y direcciones IP de recipientes, y resultados de escaneo de puerto, a trav\u00e9s de \r\nun certificado manipulado con una extensi\u00f3n de de una Authority Information Access (AIA).\r\n"
}
],
"id": "CVE-2008-3068",
"lastModified": "2024-11-21T00:48:20.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-07T23:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3978"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28548"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019736"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019737"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019738"
},
{
"source": "cve@mitre.org",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-12 21:55
Modified
2024-11-21 02:06
Severity ?
Summary
Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "83434795-4772-48E2-B604-9AAC6ECDE0B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka \"OneNote Remote Code Execution Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft OneNote 2007 SP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero OneNote manipulado que provoca la creaci\u00f3n de un fichero ejecutable en una carpeta de inicio, tambi\u00e9n conocido como \u0027vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto OneNote.\u0027"
}
],
"id": "CVE-2014-2815",
"lastModified": "2024-11-21T02:06:59.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2014-08-12T21:55:06.913",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164419/Microsoft-Office-OneNote-2007-Remote-Code-Execution.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/60672"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/69098"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030717"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164419/Microsoft-Office-OneNote-2007-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/60672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/69098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-048"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-10 22:07
Modified
2024-11-21 00:14
Severity ?
Summary
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | access | 2000 | |
| microsoft | access | 2002 | |
| microsoft | access | 2003 | |
| microsoft | excel | 2000 | |
| microsoft | excel | 2002 | |
| microsoft | excel | 2003 | |
| microsoft | excel_viewer | 2003 | |
| microsoft | frontpage | 2000 | |
| microsoft | frontpage | 2002 | |
| microsoft | frontpage | 2003 | |
| microsoft | infopath | 2003 | |
| microsoft | office | 2000 | |
| microsoft | office | 2003 | |
| microsoft | office | 2004 | |
| microsoft | office | xp | |
| microsoft | onenote | 2003 | |
| microsoft | outlook | 2000 | |
| microsoft | outlook | 2002 | |
| microsoft | outlook | 2003 | |
| microsoft | powerpoint | 2000 | |
| microsoft | powerpoint | 2002 | |
| microsoft | powerpoint | 2003 | |
| microsoft | powerpoint | 2004 | |
| microsoft | project | 2000 | |
| microsoft | project | 2002 | |
| microsoft | project | 2003 | |
| microsoft | publisher | 2000 | |
| microsoft | publisher | 2002 | |
| microsoft | publisher | 2003 | |
| microsoft | visio | 2002 | |
| microsoft | visio | 2003 | |
| microsoft | word | 2000 | |
| microsoft | word | 2002 | |
| microsoft | word | 2003 | |
| microsoft | word_viewer | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "90D7BA07-3BCA-41CF-B5D3-341E912650A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "83DFFFF4-EA09-48C5-A600-A62C1A1A7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4AE5AF-C83E-4802-B75C-0058742A4997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "F55D42D5-7371-47C2-BF55-B7F51C19B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C6629C-BF53-49A1-B32C-A828CA0A0500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
"matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "3E392539-ABF6-4B5C-AEC3-C54B51E0DB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "794FCFBF-2D55-4ECE-825E-180616DB35FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*",
"matchCriteriaId": "6F0EF69E-52BA-4D7C-B470-CB4A92DA7EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "95648599-D3B3-4043-821C-D385FB7A77CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBFF713-0884-43BF-9AB8-777664FD64AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un \"fichero artesanal\" no especificado, una vulnerabilidad diferente que CVE-2006-3435, CVE-2006-4694, y CVE-2006-3876."
}
],
"id": "CVE-2006-3877",
"lastModified": "2024-11-21T00:14:37.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-10-10T22:07:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1017030"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/29448"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/20325"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-3315
Vulnerability from cvelistv5
Published
2016-08-09 21:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036559 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/92294 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92294"
},
{
"name": "MS16-099",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Microsoft OneNote Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92294"
},
{
"name": "MS16-099",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Microsoft OneNote Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92294"
},
{
"name": "MS16-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3315",
"datePublished": "2016-08-09T21:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:59.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-21402
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-01-28 00:28
Severity ?
EPSS score ?
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC for Mac 2021 |
Version: 16.0.1 < 16.93.25011212 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T21:13:24.403697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T21:13:44.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.93.25011212",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.93.25011212",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.92.24120731",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.93.25011212",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.93.25011212",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_mac:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.92.24120731",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-01-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Office OneNote Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-641",
"description": "CWE-641: Improper Restriction of Names for Files and Other Resources",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T00:28:08.053Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Office OneNote Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402"
}
],
"title": "Microsoft Office OneNote Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21402",
"datePublished": "2025-01-14T18:04:46.460Z",
"dateReserved": "2024-12-11T00:29:48.375Z",
"dateUpdated": "2025-01-28T00:28:08.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2503
Vulnerability from cvelistv5
Published
2015-11-11 11:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034117 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1034122 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034119 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034117"
},
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034119",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034117"
},
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034119",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034117"
},
{
"name": "1034122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034119",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2503",
"datePublished": "2015-11-11T11:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3068
Vulnerability from cvelistv5
Published
2008-07-07 23:00
Modified
2024-08-07 09:21
Severity ?
EPSS score ?
Summary
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"name": "3978",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3978"
},
{
"name": "20080709 Re: Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"name": "28548",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28548"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"name": "1019736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019736"
},
{
"name": "1019738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"name": "1019737",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"name": "20080703 Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"name": "3978",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3978"
},
{
"name": "20080709 Re: Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"name": "28548",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28548"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"name": "1019736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019736"
},
{
"name": "1019738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"name": "1019737",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"name": "20080703 Unauthorized reading confirmation from Outlook",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt",
"refsource": "MISC",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
},
{
"name": "3978",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3978"
},
{
"name": "20080709 Re: Unauthorized reading confirmation from Outlook",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
},
{
"name": "28548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28548"
},
{
"name": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt",
"refsource": "MISC",
"url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
},
{
"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt",
"refsource": "MISC",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
},
{
"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt",
"refsource": "MISC",
"url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
},
{
"name": "1019736",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019736"
},
{
"name": "1019738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019738"
},
{
"name": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt",
"refsource": "MISC",
"url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
},
{
"name": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt",
"refsource": "MISC",
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"name": "1019737",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019737"
},
{
"name": "https://www.cynops.de/techzone/http_over_x509.html",
"refsource": "MISC",
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"name": "20080703 Unauthorized reading confirmation from Outlook",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3068",
"datePublished": "2008-07-07T23:00:00",
"dateReserved": "2008-07-07T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36769
Vulnerability from cvelistv5
Published
2023-11-06 22:51
Modified
2025-01-01 01:59
Severity ?
EPSS score ?
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:08.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft OneNote 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5408.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems"
],
"product": "Microsoft OneNote 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5579.1000",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Microsoft OneNote 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5579.1000",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.5408.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2013:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0.5579.1000",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2013:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0.5579.1000",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-08-15T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OneNote Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:59:17.503Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
}
],
"title": "Microsoft OneNote Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36769",
"datePublished": "2023-11-06T22:51:21.878Z",
"dateReserved": "2023-06-27T15:11:59.869Z",
"dateUpdated": "2025-01-01T01:59:17.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0671
Vulnerability from cvelistv5
Published
2007-02-03 01:00
Modified
2024-08-07 12:26
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0463",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"name": "oval:org.mitre.oval:def:301",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"name": "31901",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"name": "VU#613740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"name": "1017584",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"name": "24008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24008"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "office-unspecified-code-execution(32178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"name": "22383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2007-0463",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"name": "oval:org.mitre.oval:def:301",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"name": "31901",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"name": "VU#613740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"name": "1017584",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"name": "24008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24008"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "office-unspecified-code-execution(32178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"name": "22383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0463",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0463"
},
{
"name": "oval:org.mitre.oval:def:301",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
},
{
"name": "31901",
"refsource": "OSVDB",
"url": "http://osvdb.org/31901"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/932553.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
},
{
"name": "VU#613740",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/613740"
},
{
"name": "1017584",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017584"
},
{
"name": "http://www.avertlabs.com/research/blog/?p=191",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/?p=191"
},
{
"name": "24008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24008"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "MS07-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "office-unspecified-code-execution(32178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
},
{
"name": "http://vil.nai.com/vil/content/v_141393.htm",
"refsource": "MISC",
"url": "http://vil.nai.com/vil/content/v_141393.htm"
},
{
"name": "22383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0671",
"datePublished": "2007-02-03T01:00:00",
"dateReserved": "2007-02-02T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2815
Vulnerability from cvelistv5
Published
2014-08-12 21:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030717 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/60672 | third-party-advisory, x_refsource_SECUNIA | |
| http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx | x_refsource_CONFIRM | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-048 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/69098 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/164419/Microsoft-Office-OneNote-2007-Remote-Code-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:44.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030717"
},
{
"name": "60672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx"
},
{
"name": "MS14-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-048"
},
{
"name": "69098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69098"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164419/Microsoft-Office-OneNote-2007-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka \"OneNote Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T16:06:19",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1030717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030717"
},
{
"name": "60672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx"
},
{
"name": "MS14-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-048"
},
{
"name": "69098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69098"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164419/Microsoft-Office-OneNote-2007-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka \"OneNote Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030717"
},
{
"name": "60672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60672"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx"
},
{
"name": "MS14-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-048"
},
{
"name": "69098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69098"
},
{
"name": "http://packetstormsecurity.com/files/164419/Microsoft-Office-OneNote-2007-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164419/Microsoft-Office-OneNote-2007-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2014-2815",
"datePublished": "2014-08-12T21:00:00",
"dateReserved": "2014-04-10T00:00:00",
"dateUpdated": "2024-08-06T10:28:44.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41159
Vulnerability from cvelistv5
Published
2024-12-18 22:39
Modified
2024-12-20 17:31
Severity ?
EPSS score ?
Summary
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-12-18T23:02:59.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1975"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T17:31:42.942957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T17:31:52.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OneNote",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "16.83 for macOS"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Francesco Benvenuto of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T22:39:10.003Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1975",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1975"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-41159",
"datePublished": "2024-12-18T22:39:10.003Z",
"dateReserved": "2024-08-05T20:37:16.296Z",
"dateUpdated": "2024-12-20T17:31:52.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3877
Vulnerability from cvelistv5
Published
2006-10-10 22:00
Modified
2024-08-07 18:48
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20325"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#205948",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"name": "oval:org.mitre.oval:def:568",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "ADV-2006-3977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"name": "oval:org.mitre.oval:def:220",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"name": "MS06-058",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"name": "29448",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29448"
},
{
"name": "1017030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20325"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#205948",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"name": "oval:org.mitre.oval:def:568",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "MS07-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "ADV-2006-3977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"name": "oval:org.mitre.oval:def:220",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"name": "MS06-058",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"name": "29448",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29448"
},
{
"name": "1017030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified \"crafted file,\" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20325"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#205948",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/205948"
},
{
"name": "oval:org.mitre.oval:def:568",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "MS07-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
},
{
"name": "ADV-2006-3977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"name": "oval:org.mitre.oval:def:220",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220"
},
{
"name": "MS06-058",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"name": "29448",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29448"
},
{
"name": "1017030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3877",
"datePublished": "2006-10-10T22:00:00",
"dateReserved": "2006-07-26T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0200
Vulnerability from cvelistv5
Published
2004-09-17 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:3038",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"name": "oval:org.mitre.oval:def:1105",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"name": "VU#297462",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"name": "TA04-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"name": "oval:org.mitre.oval:def:3320",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"name": "oval:org.mitre.oval:def:2706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"name": "oval:org.mitre.oval:def:3082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"name": "MS04-028",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"name": "oval:org.mitre.oval:def:4003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"name": "oval:org.mitre.oval:def:3810",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"name": "oval:org.mitre.oval:def:4216",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"name": "oval:org.mitre.oval:def:4307",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"name": "oval:org.mitre.oval:def:3881",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"name": "win-jpeg-bo(16304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:3038",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"name": "oval:org.mitre.oval:def:1105",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"name": "VU#297462",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"name": "TA04-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"name": "oval:org.mitre.oval:def:3320",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"name": "oval:org.mitre.oval:def:2706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"name": "oval:org.mitre.oval:def:3082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"name": "MS04-028",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"name": "oval:org.mitre.oval:def:4003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"name": "oval:org.mitre.oval:def:3810",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"name": "oval:org.mitre.oval:def:4216",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"name": "oval:org.mitre.oval:def:4307",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"name": "oval:org.mitre.oval:def:3881",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"name": "win-jpeg-bo(16304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:3038",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038"
},
{
"name": "oval:org.mitre.oval:def:1105",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105"
},
{
"name": "VU#297462",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/297462"
},
{
"name": "TA04-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html"
},
{
"name": "oval:org.mitre.oval:def:3320",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320"
},
{
"name": "oval:org.mitre.oval:def:2706",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706"
},
{
"name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109524346729948\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1721",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721"
},
{
"name": "oval:org.mitre.oval:def:3082",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082"
},
{
"name": "MS04-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028"
},
{
"name": "oval:org.mitre.oval:def:4003",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003"
},
{
"name": "oval:org.mitre.oval:def:3810",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810"
},
{
"name": "oval:org.mitre.oval:def:4216",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216"
},
{
"name": "oval:org.mitre.oval:def:4307",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307"
},
{
"name": "oval:org.mitre.oval:def:3881",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881"
},
{
"name": "win-jpeg-bo(16304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0200",
"datePublished": "2004-09-17T04:00:00",
"dateReserved": "2004-03-11T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21721
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-01-01 00:41
Severity ?
EPSS score ?
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft | Microsoft OneNote for Android |
Version: 16.0.1 < 16.0.16026.20158 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:49.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OneNote Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.16026.20158",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.16026.20158",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OneNote Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:41:22.970Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
}
],
"title": "Microsoft OneNote Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21721",
"datePublished": "2023-02-14T19:32:48.000Z",
"dateReserved": "2022-12-13T18:08:03.492Z",
"dateUpdated": "2025-01-01T00:41:22.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33140
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-01-01 01:44
Severity ?
EPSS score ?
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft | Microsoft OneNote for Universal |
Version: 16.0.0 < 16.0.14326.21450 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote for Universal",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.14326.21450",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_universal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.14326.21450",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OneNote Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:44:16.270Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
}
],
"title": "Microsoft OneNote Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33140",
"datePublished": "2023-06-13T23:26:26.972Z",
"dateReserved": "2023-05-17T21:16:44.896Z",
"dateUpdated": "2025-01-01T01:44:16.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8509
Vulnerability from cvelistv5
Published
2017-06-15 01:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98812 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016"
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98812"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98812"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8509",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:23.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0197
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97411 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038241 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197 | x_refsource_CONFIRM | |
| https://twitter.com/buffaloverflow/status/852937040480149505 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Office |
Version: OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97411"
},
{
"name": "1038241",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "OneNote 2007 SP3 and Microsoft OneNote 2010 SP2"
}
]
}
],
"datePublic": "2017-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office DLL Loading Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "97411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97411"
},
{
"name": "1038241",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "OneNote 2007 SP3 and Microsoft OneNote 2010 SP2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office DLL Loading Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97411"
},
{
"name": "1038241",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038241"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"name": "https://twitter.com/buffaloverflow/status/852937040480149505",
"refsource": "MISC",
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0197",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}