CVSS: 9.3EPSS: 31%CPEs: 14EXPL: 0CVE-2017-0281
https://notcve.org/view.php?id=CVE-2017-0281
12 May 2017 — Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This C... • http://www.securityfocus.com/bid/98297 •
CVSS: 9.3EPSS: 94%CPEs: 11EXPL: 35CVE-2017-0199 – Microsoft Office and WordPad Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0199
12 Apr 2017 — Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 y Windows 8.1 permiten a at... • https://packetstorm.news/files/id/142211 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7275
https://notcve.org/view.php?id=CVE-2016-7275
20 Dec 2016 — Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1 y 2016 no maneja adecuadamente la carga de la librería, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como "Microsoft Office OLE DLL Side Loading Vulnerability". • http://www.securityfocus.com/bid/94665 • CWE-19: Data Processing Errors CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 11%CPEs: 5EXPL: 0CVE-2016-7276
https://notcve.org/view.php?id=CVE-2016-7276
20 Dec 2016 — Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office para Mac 2011 y Office 2016 para Mac permiten a atacantes remotos obtener información sensible desde la memoria de proceso o pro... • http://www.securityfocus.com/bid/94666 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 18%CPEs: 5EXPL: 0CVE-2016-7298
https://notcve.org/view.php?id=CVE-2016-7298
20 Dec 2016 — Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office para Mac 2011y Office 2016 para Mac permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un... • http://www.securityfocus.com/bid/94720 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 31%CPEs: 4EXPL: 0CVE-2016-7245
https://notcve.org/view.php?id=CVE-2016-7245
10 Nov 2016 — Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1 y Office 2016 permiten a atacantes remotos ejecutar un código arbitrario a través de un documento Office manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerabi... • http://www.securityfocus.com/bid/94026 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 78%CPEs: 10EXPL: 0CVE-2016-7193 – Microsoft Office Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2016-7193
14 Oct 2016 — Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Word ... • http://www.securityfocus.com/bid/93372 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 6%CPEs: 2EXPL: 0CVE-2016-0137
https://notcve.org/view.php?id=CVE-2016-0137
14 Sep 2016 — The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass." La implementación Click-to-Run (C2R) en Microsoft Office 2013 SP1 y 2016 permite a usuarios locales eludir el mecanismo de protección ASLR a través de una aplicación manipulada, vulnerabilidad también conocida como "Microsoft APP-V ASLR Bypass". • http://www.securityfocus.com/bid/92785 • CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 7%CPEs: 5EXPL: 0CVE-2016-0141
https://notcve.org/view.php?id=CVE-2016-0141
14 Sep 2016 — The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability." Las macros de Visual Basic en Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1 y 2016 exportan una clave privada del certificado de almacenamiento durante una operación de guardado de documento, lo que permite a atacantes obt... • http://www.securityfocus.com/bid/92903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 29%CPEs: 11EXPL: 2CVE-2016-3357 – Microsoft Office PowerPoint 2010 - Invalid Pointer Reference
https://notcve.org/view.php?id=CVE-2016-3357
14 Sep 2016 — Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corrup... • https://packetstorm.news/files/id/138807 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •