CVSS: 9.0EPSS: 1%CPEs: 24EXPL: 0CVE-2014-0251
https://notcve.org/view.php?id=CVE-2014-0251
Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability." Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 y SP2 y 2013 Gold y SP1; SharePoint Foundation 2010 SP1 y SP2 y 2013 Gold y SP1; Project Server 2010 SP1 y SP2 y 2013 Gold y SP1; Web Applications 2010 SP1 y SP2; Office Web Apps Server 2013 Gold y SP1; SharePoint Server 2013 Client Components SDK y SharePoint Designer 2007 SP3, 2010 SP1 y SP2 y 2013 Gold y SP1 permiten a usuarios remotos autenticados ejecutar código arbitrario a través de contenido manipulado de una página, también conocido como 'vulnerabilidad de contenido de página de SharePoint.' • http://www.securitytracker.com/id/1030227 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 63%CPEs: 17EXPL: 1CVE-2014-1761 – Microsoft Word Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-1761
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014. Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013 y 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office para Mac 2011; Word Automation Services en SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2 y Office Web Apps Server 2013 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de datos RTF manipulados, tal y como fue explotado en marzo 2014. Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution. • https://www.exploit-db.com/exploits/32793 http://technet.microsoft.com/security/advisory/2953095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 http://blogs.mcafee.com/mcafee-labs/close-look-rtf-zero-day-attack-cve-2014-1761-shows-sophistication-attackers https://www.virustotal.com/en/file/e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a/analysis • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 44%CPEs: 13EXPL: 0CVE-2014-0260
https://notcve.org/view.php?id=CVE-2014-0260
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." Microsoft Word 2003 Service Pack 3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; cOffice Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2, y Office Web Apps Server 2013 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado, también conocido como "Vulnerabilidad de corrupcion de memoria Word" • http://www.securitytracker.com/id/1029598 http://www.securitytracker.com/id/1029599 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 28%CPEs: 4EXPL: 0CVE-2013-5059
https://notcve.org/view.php?id=CVE-2013-5059
Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities." Microsoft SharePoint Server 2010 SP1 y SP2 y 2013, y Office Web Apps 2013, permite a atacantes remotos ejecutar código arbitrario a través de un contenido de página manipulado, también conocido como "Vulnerabilidades de contenido SharePoint". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-100 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 88%CPEs: 18EXPL: 0CVE-2013-3889
https://notcve.org/view.php?id=CVE-2013-3889
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability." Microsoft Excel 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office para Mac 2011; Excel Viewer; Office Compatibility Pack SP3; y Excel Services y Word Automation Services en SharePoint Server 2013 permite a atacantes remotos ejecutar código arbitrario a través de documentos Office manipulados, también conocida como "Vulnerabilidad de corrupción de memoria en Microsoft Excel". • http://www.us-cert.gov/ncas/alerts/TA13-288A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18901 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19132 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •