CVSS: 5.0EPSS: 29%CPEs: 2EXPL: 0CVE-2013-0095
https://notcve.org/view.php?id=CVE-2013-0095
13 Mar 2013 — Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability." Outlook en Microsoft Office para Mac 2008 anterior a v12.3.6 y Office para Mac 2011 anterior a v14.3.2 permite a atacantes remotos ... • http://www.us-cert.gov/ncas/alerts/TA13-071A • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 64%CPEs: 9EXPL: 0CVE-2012-1885
https://notcve.org/view.php?id=CVE-2012-1885
14 Nov 2012 — Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica en Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Office 2008 y 2011 para Mac; y Office Compatibility Pack SP2 y SP3 ,permite a atacantes remotos ejecutar código a... • http://www.securityfocus.com/bid/56425 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 61%CPEs: 7EXPL: 0CVE-2012-1887
https://notcve.org/view.php?id=CVE-2012-1887
14 Nov 2012 — Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability." Vulnerabilidad de uso después de la liberación en Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 SP1, y Office 2008 y 2011 para Mac, permite a atacantes remotos producir una ejecución de código mediante una hoja de cálculo manipulada, también conoc... • http://www.securityfocus.com/bid/56430 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 92%CPEs: 34EXPL: 0CVE-2012-1856 – Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1856
15 Aug 2012 — The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via... • http://www.securityfocus.com/bid/54948 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 53%CPEs: 3EXPL: 0CVE-2012-2524
https://notcve.org/view.php?id=CVE-2012-2524
15 Aug 2012 — Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability." Microsoft Office 2007 SP2 y SP3 y 2010 SP1 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado Computer Graphics Metafile (CGM), también conocido como "CGM... • http://www.us-cert.gov/cas/techalerts/TA12-227A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2012-1854
https://notcve.org/view.php?id=CVE-2012-1854
10 Jul 2012 — Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. Vulnerabilidad de búsq... • http://www.us-cert.gov/cas/techalerts/TA12-192A.html •
CVSS: 9.3EPSS: 63%CPEs: 10EXPL: 0CVE-2012-1847 – Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1847
09 May 2012 — Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 y 2011 para Mac; Excel Viewer; y Office Com... • http://secunia.com/advisories/49112 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 61%CPEs: 9EXPL: 0CVE-2012-0142
https://notcve.org/view.php?id=CVE-2012-0142
09 May 2012 — Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no maneja cor... • http://secunia.com/advisories/49112 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 71%CPEs: 2EXPL: 0CVE-2012-0143
https://notcve.org/view.php?id=CVE-2012-0143
09 May 2012 — Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability." Microsoft Excel 2003 SP3 y Office 2008 para Mac no manejan correctamente la memoria durante la apertura de archivos, permitiendo a atacantes remotos ejecutar código arbitrario a través de una hoja de cálculo manipulada, también conocido como "Vuln... • http://secunia.com/advisories/49112 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 66%CPEs: 28EXPL: 0CVE-2012-0159 – Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)
https://notcve.org/view.php?id=CVE-2012-0159
09 May 2012 — Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Wind... • http://secunia.com/advisories/49121 • CWE-399: Resource Management Errors •