CVSS: 9.3EPSS: 29%CPEs: 10EXPL: 0CVE-2018-1028
https://notcve.org/view.php?id=CVE-2018-1028
12 Apr 2018 — A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server. Existe una vulnerabilidad de ejecución remota de código cuando el componente de gráficos de Office gestiona fuentes embebidas especialmente manipuladas. Esto también se conoce como "Microsoft Office Graphics Remote ... • http://www.securityfocus.com/bid/103641 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1032
https://notcve.org/view.php?id=CVE-2018-1032
12 Apr 2018 — An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1034. Existe una vulnerabilidad de elevación de privilegios cuando Microsoft SharePoint Server no sanea correctamente una petición web especialm... • http://www.securityfocus.com/bid/103632 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 4%CPEs: 13EXPL: 0CVE-2018-0919
https://notcve.org/view.php?id=CVE-2018-0919
14 Mar 2018 — Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vul... • http://www.securityfocus.com/bid/103311 • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 12%CPEs: 17EXPL: 0CVE-2018-0922
https://notcve.org/view.php?id=CVE-2018-0922
14 Mar 2018 — Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Wor... • http://www.securityfocus.com/bid/103314 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 7%CPEs: 3EXPL: 0CVE-2018-0789
https://notcve.org/view.php?id=CVE-2018-0789
10 Jan 2018 — Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790. Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 y Microsoft SharePoint Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se gestionan las petici... • http://www.securityfocus.com/bid/102394 •
CVSS: 8.8EPSS: 6%CPEs: 3EXPL: 0CVE-2018-0790
https://notcve.org/view.php?id=CVE-2018-0790
10 Jan 2018 — Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789. Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 y Microsoft SharePoint Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se gestionan las petici... • http://www.securityfocus.com/bid/102391 •
CVSS: 9.3EPSS: 24%CPEs: 16EXPL: 0CVE-2018-0797
https://notcve.org/view.php?id=CVE-2018-0797
10 Jan 2018 — Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability". Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestiona el contenido RTF. Esto también se conoce como "Microsoft Word Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/102406 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 90%CPEs: 13EXPL: 1CVE-2017-11826 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11826
13 Oct 2017 — Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory. Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 y 2013, Word Viewer, Word 2007, 2010, 2013 y 2016, Word Auto... • https://github.com/thatskriptkid/CVE-2017-11826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 27%CPEs: 11EXPL: 0CVE-2017-8742
https://notcve.org/view.php?id=CVE-2017-8742
13 Sep 2017 — A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle ob... • http://www.securityfocus.com/bid/100741 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 12EXPL: 0CVE-2017-8512
https://notcve.org/view.php?id=CVE-2017-8512
15 Jun 2017 — A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Office cuando el programa no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Office Remote Code Execution Vulnerability". E... • http://www.securityfocus.com/bid/98816 •