CVSS: 9.3EPSS: 1%CPEs: 7EXPL: 0CVE-2019-0953 – Microsoft Windows Mail HTML Line Breaking Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0953
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Existe una vulnerabilidad de ejecución remota de código en el software Microsoft Word, cuando no puede manejar correctamente los objetos en la memoria, también se conoce como "Microsoft Word Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logic that implements automatic line breaks when displaying HTML content in the Windows Mail app. By manipulating a document's elements, an attacker can trigger a read past the end of an allocated array. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0953 •
CVSS: 9.3EPSS: 23%CPEs: 16EXPL: 0CVE-2019-0585 – Microsoft Office Word wwlib Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0585
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server. Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft Word cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como "Microsoft Word Remote Code Execution Vulnerability". Esto afecta a Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word y Microsoft SharePoint Server. • http://www.securityfocus.com/bid/106392 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585 •
CVSS: 9.3EPSS: 2%CPEs: 15EXPL: 0CVE-2018-8628 – Microsoft Office PowerPoint PPT File Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8628
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server. Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft PowerPoint cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como "Microsoft PowerPoint Remote Code Execution Vulnerability". Esto afecta a Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server y Microsoft SharePoint Server. • http://www.securityfocus.com/bid/106104 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628 •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-8247
https://notcve.org/view.php?id=CVE-2018-8247
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245. Existe una vulnerabilidad de elevación de privilegios cuando Office Web Apps Server 2013 y Office Online Server fracasan a la hora de gestionar correctamente peticiones web. Esto también se conoce como "Microsoft Office Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/104319 http://www.securitytracker.com/id/1041104 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-0919
https://notcve.org/view.php?id=CVE-2018-0919
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability". Microsoft Office 2010 SP2, 2013 SP1 y 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 para Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 y Microsoft Word 2016 permiten una vulnerabilidad de divulgación de información debido a la forma en la que se inicializan las variables. Estot ambién se conoce como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/103311 http://www.securitytracker.com/id/1040526 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919 • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •