CVSS: 9.3EPSS: 95%CPEs: 13EXPL: 1CVE-2017-11826 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11826
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory. Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 y 2013, Word Viewer, Word 2007, 2010, 2013 y 2016, Word Automation Services y Office Online Server permiten la ejecución remota de código cuando el software no gestiona correctamente objetos en la memoria. A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. • https://github.com/thatskriptkid/CVE-2017-11826 http://www.securityfocus.com/bid/101219 http://www.securitytracker.com/id/1039541 https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826 https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 11EXPL: 0CVE-2017-8742
https://notcve.org/view.php?id=CVE-2017-8742
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743. Existe una vulnerabilidad de ejecución remota de código en Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2 y Microsoft Office Compatibility Pack Service Pack 3 cuando manejan incorrectamente objetos en la memoria. Esto también se conoce como "PowerPoint Remote Code Execution Vulnerability" El ID de este CVE es distinto a CVE-2017-8743. • http://www.securityfocus.com/bid/100741 http://www.securitytracker.com/id/1039323 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 24%CPEs: 12EXPL: 0CVE-2017-8501
https://notcve.org/view.php?id=CVE-2017-8501
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502. Microsoft Office permite una vulnerabilidad de ejecución remota de código debido a la forma en la que gestiona los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-8502. • http://www.securityfocus.com/bid/99441 http://www.securitytracker.com/id/1038851 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 11%CPEs: 12EXPL: 0CVE-2017-8512
https://notcve.org/view.php?id=CVE-2017-8512
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Office cuando el programa no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Office Remote Code Execution Vulnerability". Este ID de CVE es diferente de los CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260 y CVE-2017-8506. • http://www.securityfocus.com/bid/98816 http://www.securitytracker.com/id/1038668 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512 •
CVSS: 9.3EPSS: 18%CPEs: 2EXPL: 0CVE-2017-8513
https://notcve.org/view.php?id=CVE-2017-8513
A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability". Se presenta una vulnerabilidad de ejecución de código remota en Microsoft PowerPoint cuando el software no maneja apropiadamente los objetos en la memoria, también se conoce como "Microsoft PowerPoint Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/98830 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •