CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0194
https://notcve.org/view.php?id=CVE-2017-0194
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2 y Office Compatibility Pack SP2 permiten a atacantes remotos obtener información sensible de la memoria de proceso a través de un documento Office manipulado, vulnerabilidad también conocida como "Vulnerabilidad de divulgación de información de Microsoft Office". • http://www.securityfocus.com/bid/97436 http://www.securitytracker.com/id/1038244 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2017-0195
https://notcve.org/view.php?id=CVE-2017-0195
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability." Microsoft Excel Services en Microsoft SharePoint Server 2010 SP1 y SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 y Office Online Server permiten a atacantes remotos llevar a cabo XXS y ejecutar secuencias de comandos con privilegios de usuario local a través de una solicitud manipulada, vulnerabilidad también conocida como "Microsoft Office XSS Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/97417 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 12%CPEs: 4EXPL: 0CVE-2017-0020
https://notcve.org/view.php?id=CVE-2017-0020
Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052 y CVE-2017-0053. • http://www.securityfocus.com/bid/96050 http://www.securitytracker.com/id/1038010 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2017-0027
https://notcve.org/view.php?id=CVE-2017-0027
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Services en SharePoint Server 2013 SP1 permiten a atacantes remotos obtener información sensible de la memoria de proceso a través de un documento de Office manipulado, vulnerabilidad también conocida como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/96043 http://www.securitytracker.com/id/1038010 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 5%CPEs: 4EXPL: 0CVE-2016-7267
https://notcve.org/view.php?id=CVE-2016-7267
Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1 y 2016 no analiza correctamente formatos de archivos, lo que facilita a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/94664 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-20: Improper Input Validation •