CVE-2015-0085 – Microsoft Word Format Tag Transposition Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0085
Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold y SP1, Office 2013 RT Gold y SP1, Word 2013 RT Gold y SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold y SP1, Word Automation Services on SharePoint Server 2013 Gold y SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold y SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold y SP1, y SharePoint Server 2013 Gold y SP1 permite a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocido como 'vulnerabilidad del uso después de liberación de componentes de Microsoft Office.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the item1.xml file inside of the .docx package. By transposing elements, an attacker is able to cause a pointer to be re-used after it was freed. • http://www.securitytracker.com/id/1031896 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 •
CVE-2015-0097 – Microsoft Word - Local Machine Zone Code Execution (MS15-022)
https://notcve.org/view.php?id=CVE-2015-0097
Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution Vulnerability." Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, y Word 2010 SP2 permiten a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocido como 'vulnerabilidad de la ejejcución de código remoto de la zona local de Microsoft Word.' Microsoft Word, Excel, and Powerpoint 2007 contain a remote code execution vulnerability because it is possible to reference documents such as Works document (.wps) as HTML. It will process HTML and script code in the context of the local machine zone of Internet Explorer which leads to arbitrary code execution. By persuading users into opening eg. specially crafted .WPS, ".doc ", ".RTF " (with a space at the end) it is possible to trigger the vulnerability and run arbitrary code in the context of the logged on Windows user. • https://www.exploit-db.com/exploits/37657 http://www.securitytracker.com/id/1031896 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 • CWE-19: Data Processing Errors •
CVE-2011-3396
https://notcve.org/view.php?id=CVE-2011-3396
Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability." Vulnerabilidad de ruta de búsqueda no confiable en Microsoft PowerPoint 2007 SP2 y 2010 permite a usuarios locales escalar privilegios a través de una DLL troyanizada en el directorio de trabajo actual. También conocida como "Vulnerabilidad de carga de librería insegura PowerPoint". • http://www.us-cert.gov/cas/techalerts/TA11-347A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14665 •
CVE-2011-3413 – Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3413
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability." Microsoft PowerPoint 2007 SP2; Office 2008 para Mac; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2; y PowerPoint Viewer 2007 SP2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un registro OfficeArt inválido en un documento PowerPoint. También conocida como "Vulnerabilidad RCE OfficeArt Shape". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. • http://www.us-cert.gov/cas/techalerts/TA11-347A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-1269
https://notcve.org/view.php?id=CVE-2011-1269
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability." Microsoft PowerPoint 2002 SP3, 2003 SP3, y 2007 SP2; Office 2004 y 2008 para Mac; Open XML File Format Converter for Mac; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2 hace llamadas a funciones no especificadas durante el parseo de archivos sin manejar adecuadamente la memoria, lo que permite a atacantes remotos ejecutar código de su elección a través de documentos PoerPoint manipulados, también conocido como "Presentation Memory Corruption RCE Vulnerability." • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12438 • CWE-20: Improper Input Validation •