CVE-2013-3906 – Microsoft Graphics Component Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2013-3906
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013. El componente GDI + de Microsoft Windows Vista SP2 y Server 2008 SP2, Office 2003 SP3, 2007 SP3 y 2010 SP1 y SP2, Office Compatibility Pack SP3 y Lync 2010, 2010 Attende, 2.013 y Basic 2013 permite a atacantes remotos ejecutar código arbitrario a través de una imagen TIFF manipulada, como se ha demuestrado por exploits relaizados en octubre y noviembre de 2013 al abrir una imagen en un documento Word. Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution. • https://www.exploit-db.com/exploits/30011 http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2 http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx http://technet.microsoft.com/security/advisory/2896666 http://www.exploit-db.com/exploits/30011 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-3891
https://notcve.org/view.php?id=CVE-2013-3891
Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability." Microsoft Word 2003 SP3 permite a atacantes remotos ejecutar código arbitrario a través de documentos Office diseñados, también conocida como "Vulnerabilidad de Corrupción de Memoria". • http://www.us-cert.gov/ncas/alerts/TA13-288A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18643 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3847
https://notcve.org/view.php?id=CVE-2013-3847
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858. Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado. Aka "Word Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2013-3848, CVE-2013-3849, y CVE-2013-3858. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3849
https://notcve.org/view.php?id=CVE-2013-3849
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858. Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupcion de memoria) a través de un documento de Office manipulado . Conocido también como "Vulnerabilidad de Corrupción de Memoria en Word". Vulnerabilidad diferente a CVE-2013-3847, CVE-2013-3848, y CVE-2013-3858. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3850
https://notcve.org/view.php?id=CVE-2013-3850
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." Microsoft Word 2003 SP3, 2007 SP3, y 2010 SP1 y SP2; Office Compatibility Pack SP3; y Word Viewer permiten a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de un documento Office manipulado, tambien conocida como "Vulnerabilidad de Corrupción de Memoria en Word". • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18753 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •