CVSS: 9.3EPSS: 86%CPEs: 7EXPL: 0CVE-2013-3157
https://notcve.org/view.php?id=CVE-2013-3157
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3155. Microsoft Access 2007 SP3, 2010 SP1 y SP2, y 2013 en Microsoft Office permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria) a través de un fichero Access manipulado, también conocido como "Vulnerabilidad de corrupción de memoria Access", una vulnerabilidad diferente a CVE-2013-3155. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18664 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 86%CPEs: 7EXPL: 0CVE-2013-3155
https://notcve.org/view.php?id=CVE-2013-3155
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3157. Microsoft Access 2007 SP3, 2010 SP1 y SP2, y 2013 en Microsoft Office permite a atacantes remotos ejecutar código arbritrario o provocar una denegación de servicio (corrupción de memoria) a través de un fichero Access manipulado. Aka "Access Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2013-3157. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 86%CPEs: 7EXPL: 0CVE-2013-3156
https://notcve.org/view.php?id=CVE-2013-3156
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access File Format Memory Corruption Vulnerability." Microsoft Access 2007 SP3, 2010 SP1 y SP2, y 2013 en Microsoft Office permite a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de un archivo Access manipulado, tambien conocida como "Vulnerabilidad de Corrupción de Memoria en Formato de Archivo Access". • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 96%CPEs: 21EXPL: 0CVE-2012-1891 – Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1891
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability." Desbordamiento de búfer basado en memoria dinámica en Microsoft Data Access Components (MDAC) v2.8 SP1 y SP2 y Windows Data Access Components (WDAC) v6.0, permite a atacantes remotos ejecutar código arbitrario a través de datos XML manipulados que desencadenan el acceso a un objeto no inicializado en la memoria, también conocido como "ADO Cachesize Heap Overflow RCE Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MSADO component. When handling the a user specified CacheSize property the process uses this value to calculate the 'real' cache size. • http://www.us-cert.gov/cas/techalerts/TA12-192A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14783 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-908: Use of Uninitialized Resource •
CVSS: 5.0EPSS: 7%CPEs: 2EXPL: 0CVE-2012-0147
https://notcve.org/view.php?id=CVE-2012-0147
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 y SP1 Update 1 no configura de forma adecuada el sitio Web por defecto, lo que permite a atacantes remotos obtener información sensible a través de peticiones HTTPS manipuladas, también conocida como "Unfiltered Access to UAG Default Website Vulnerability." • http://osvdb.org/81132 http://secunia.com/advisories/48787 http://www.securityfocus.com/bid/52909 http://www.securitytracker.com/id?1026909 http://www.us-cert.gov/cas/techalerts/TA12-101A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026 https://exchange.xforce.ibmcloud.com/vulnerabilities/74368 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557 • CWE-16: Configuration •