CVE-2012-0183 – Microsoft Office 2007 RTF Mismatch Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0183
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." Microsoft Word 2003 SP3 y 2007 SP2 y SP3, Office 2008 y 2011 para Mac, y Office Compatibility Pack SP2 y SP3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) mediante datos RTF manipulados, también conocido como "Vulnerabilidad RTF" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. • http://secunia.com/advisories/49111 http://www.securityfocus.com/bid/53344 http://www.securitytracker.com/id?1027035 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029 https://exchange.xforce.ibmcloud.com/vulnerabilities/75122 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327 •
CVE-2012-0184
https://notcve.org/view.php?id=CVE-2012-0184
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 y 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente la memoria durante la apertura de archivos, permitiendo a atacantes remotos ejecutar código arbitrario a través de una hoja de cálculo hecha a mano, también conocido como "Vulnerabilidad de corrupción de memoria en Excel SXLI Record" • http://secunia.com/advisories/49112 http://www.securityfocus.com/bid/53375 http://www.securitytracker.com/id?1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/75117 https://oval.cisecurity.org/repository/sea • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-1847 – Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1847
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 y 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente la memoria durante la apertura de archivos, permitiendo a atacantes remotos ejecutar código arbitrario a través de una hoja de cálculo manipulada, también conocido como "Error de Análisis de Registros de Excel podría permitir la ejecución remota de código." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Series records. The code within Excel.exe makes an assumption about the data types within a Series record and can be made to write beyond the bounds of a heap buffer when a specific combination of fields are set to unexpected values. • http://secunia.com/advisories/49112 http://www.securityfocus.com/bid/53379 http://www.securitytracker.com/id?1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/75119 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0158 – Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0158
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." Los controles ActiveX (1) ListView, (2) ListView2, (3) TreeView, y (4) TreeView2 en MSCOMCTL.OCX en the Common Controls en Microsoft Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, y 2008 SP2, SP3, y R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, y 2009 Gold y R2; Visual FoxPro 8.0 SP1 y 9.0 SP2; y Visual Basic 6.0 Runtime permita a atacantes remotos ejecutar código a través de la manipulación de: (a) sitios web, (b) documento de Office, o (c) fichero .rtf que provoca una corrupción "system state", como la explotada en April del 2012, también conocida como vulnerabilidad "MSCOMCTL.OCX RCE". Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user. • https://www.exploit-db.com/exploits/18780 https://github.com/Sunqiz/CVE-2012-0158-reproduction https://github.com/RobertoLeonFR-ES/Exploit-Win32.CVE-2012-0158.F.doc http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploit-by-chris-pierce http://www.securityfocus.com/bid/52911 http://www.securitytracker.com/id?1026899 http://www.securitytracker.com/id?1026900 http://www.securitytracker.com/id?1026902 http://www.securitytracker.com/id?1026903 http://www.secur • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-3413 – Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3413
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability." Microsoft PowerPoint 2007 SP2; Office 2008 para Mac; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2; y PowerPoint Viewer 2007 SP2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un registro OfficeArt inválido en un documento PowerPoint. También conocida como "Vulnerabilidad RCE OfficeArt Shape". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. • http://www.us-cert.gov/cas/techalerts/TA11-347A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581 • CWE-94: Improper Control of Generation of Code ('Code Injection') •