CVE-2012-1889 – Microsoft XML Core Services Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2012-1889
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Microsoft XML Core Services 3.0, 4.0, 5.0, y 6.0 accede a localizaciones de memoria mal formadas, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web modificado. Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution. • https://www.exploit-db.com/exploits/19186 https://github.com/whu-enjoy/CVE-2012-1889 http://technet.microsoft.com/security/advisory/2719615 http://www.us-cert.gov/cas/techalerts/TA12-174A.html http://www.us-cert.gov/cas/techalerts/TA12-192A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195 • CWE-787: Out-of-bounds Write •
CVE-2011-1989 – Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2011-1989
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability." Microsoft Excel 2003 Service Pack 3 y Service Pack 2 de 2007; Excel en Office 2007 SP2, Excel 2010 Service Pack 1 Gold y SP1; Excel en Office 2010 Service Pack 1 Gold y SP1; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer Service Pack 2; Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, Servicios de Excel en Office SharePoint Server 2007 SP2, Servicios de Excel en Office SharePoint Server 2010 Gold y SP1, y Excel Web Access 2010 Gold y SP1 no analizan correctamente las expresiones condicionales asociadas con requisitos de formato, lo que permite a atacantes remotos ejecutar código de su elección a través de una hoja de cálculo debidamente modificada. Es un problema también conocido como "Vulnerabilidad de análisis de expresiones condicionales de Excel". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses expressions used for determining formatting requirements. • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974 • CWE-20: Improper Input Validation •
CVE-2011-1892 – SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)
https://notcve.org/view.php?id=CVE-2011-1892
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability." Microsoft Office Groove 2007 Service Pack 2, SharePoint Workspace 2010 Gold y SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold y SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold y SP1, Windows SharePoint Services 3.0 SP2, Windows SharePoint 2010 y Office Web Aplicaciones 2010 Gold y SP1 no gestionan correctamente las partes web que contienen clases XML que referencian a entidades externas, lo que permite a usuarios remotos autenticados leer ficheros de su elección a través de un archivo XML o XSL debidamente modificados. Es un problema también conocido como "Vulnerabilidad de revelado de fichero remoto de Sharepoint." SharePoint 2007 / 2010 and DotNetNuke versions prior to 6 suffer from a file disclosure vulnerability. • https://www.exploit-db.com/exploits/17873 http://securityreason.com/securityalert/8386 http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-1990 – Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1990
Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability." Microsoft Excel 2007 Service Pack 2; Excel en Office 2007 SP2, Excel Viewer SP2, Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, y Servicios de Excel en Office SharePoint Server 2007 SP2 no validan correctamente el signo de un índice no especificado de una matriz, lo que permite ejecutar código de su elección a atacantes remotos a través de una hoja de cálculo debidamente modificada. Es un problema también conocido como "Vulnerabilidad de indexación de matrices fuera de límites". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of a record inside a Microsoft Office Excel or PowerPoint document. • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3964 – Microsoft SharePoint Server Arbitrary File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3964
Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability." Vulnerabilidad de subida de archivos sin restricciones en el Document Conversions Launcher Service en Microsoft Office SharePoint Server 2007 SP2, cuando Document Conversions Load Balancer Service está habilitado, permite a los atacantes remotos ejecutar código arbitrario mediante una solicitud SOAP diseñada al puerto TCP 8082, también se conoce como "Malformed Request Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Sharepoint Server utilizing Microsoft's Office Document Load Balancer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Office Document Conversions Launcher service and occurs due to insufficient parameter validation on a particular SOAP request. Sucessful exploitation will allow an attacker to upload and execute an arbitrary file on the target server. • https://www.exploit-db.com/exploits/20122 http://osvdb.org/69817 http://secunia.com/advisories/42631 http://www.securityfocus.com/bid/45264 http://www.securitytracker.com/id?1024886 http://www.us-cert.gov/cas/techalerts/TA10-348A.html http://www.vupen.com/english/advisories/2010/3226 http://www.zerodayinitiative.com/advisories/ZDI-10-287 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-104 https://oval.cisecurity.org/repository/search/definition/ova •