CVSS: 5.0EPSS: 6%CPEs: 2EXPL: 0CVE-2013-0095
https://notcve.org/view.php?id=CVE-2013-0095
Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability." Outlook en Microsoft Office para Mac 2008 anterior a v12.3.6 y Office para Mac 2011 anterior a v14.3.2 permite a atacantes remotos activar el acceso a una URL remota, y en consecuencia confirmar la prestación de un mensaje de correo electrónico HTML mediante la inclusión de elementos HTML5 no especificados y el aprovechamiento de la instalación de un navegador WebKit en la máquina de la víctima, también conocido como "Unintended Content Loading Vulnerability". • http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16082 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 93%CPEs: 7EXPL: 0CVE-2012-1887
https://notcve.org/view.php?id=CVE-2012-1887
Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability." Vulnerabilidad de uso después de la liberación en Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 SP1, y Office 2008 y 2011 para Mac, permite a atacantes remotos producir una ejecución de código mediante una hoja de cálculo manipulada, también conocido como "Excel SST Invalid Length Use After Free Vulnerability." • http://www.securityfocus.com/bid/56430 http://www.securitytracker.com/id?1027752 http://www.us-cert.gov/cas/techalerts/TA12-318A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/78074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15717 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15970 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 95%CPEs: 9EXPL: 0CVE-2012-1885
https://notcve.org/view.php?id=CVE-2012-1885
Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica en Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Office 2008 y 2011 para Mac; y Office Compatibility Pack SP2 y SP3 ,permite a atacantes remotos ejecutar código arbitrario mediante una hoja de cálculo manipulada.También conocido como "Excel SerAuxErrBar Heap Overflow Vulnerability." • http://www.securityfocus.com/bid/56425 http://www.securitytracker.com/id?1027752 http://www.us-cert.gov/cas/techalerts/TA12-318A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/78072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 74%CPEs: 3EXPL: 0CVE-2012-2524
https://notcve.org/view.php?id=CVE-2012-2524
Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability." Microsoft Office 2007 SP2 y SP3 y 2010 SP1 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado Computer Graphics Metafile (CGM), también conocido como "CGM File Format Memory Corruption Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA12-227A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15702 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 34EXPL: 0CVE-2012-1856 – Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1856
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability." El control TabStrip ActiveX en Common Controls en MSCOMCTL.OCX en Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 y SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, y R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, y Visual Basic 6.0 Runtime permite a atacantes remotos ejecutar código de su elección a través de (1) un documento o (2) página web que provoca una corrupción del estado del sistema, también conocido como 'MSCOMCTL.OCX RCE Vulnerability.' The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption. • http://www.securityfocus.com/bid/54948 http://www.us-cert.gov/cas/techalerts/TA12-227A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447 • CWE-94: Improper Control of Generation of Code ('Code Injection') •