CVSS: 9.3EPSS: 97%CPEs: 20EXPL: 3CVE-2012-0158 – Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0158
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." Los controles ActiveX (1) ListView, (2) ListView2, (3) TreeView, y (4) TreeView2 en MSCOMCTL.OCX en the Common Controls en Microsoft Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, y 2008 SP2, SP3, y R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, y 2009 Gold y R2; Visual FoxPro 8.0 SP1 y 9.0 SP2; y Visual Basic 6.0 Runtime permita a atacantes remotos ejecutar código a través de la manipulación de: (a) sitios web, (b) documento de Office, o (c) fichero .rtf que provoca una corrupción "system state", como la explotada en April del 2012, también conocida como vulnerabilidad "MSCOMCTL.OCX RCE". Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user. • https://www.exploit-db.com/exploits/18780 https://github.com/Sunqiz/CVE-2012-0158-reproduction https://github.com/RobertoLeonFR-ES/Exploit-Win32.CVE-2012-0158.F.doc http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploit-by-chris-pierce http://www.securityfocus.com/bid/52911 http://www.securitytracker.com/id?1026899 http://www.securitytracker.com/id?1026900 http://www.securitytracker.com/id?1026902 http://www.securitytracker.com/id?1026903 http://www.secur • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 95%CPEs: 7EXPL: 0CVE-2011-1983 – Microsoft Office Word Hidden Border Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1983
Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability." Una vulnerabilidad de uso después de liberación en Microsoft Office 2007 SP2 y SP3, Office 2010 Gold y SP1, y Office 2011 para Mac permite a atacantes remotos ejecutar código de su elección a través de un documento de Word específicamente modificado para tal fin. Se trata de un problema también conocido como "vulnerabilidad de uso después de liberación de Microsoft Word". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word 2007/2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles a border containing a specific property. • http://www.securitytracker.com/id?1026409 http://www.us-cert.gov/cas/techalerts/TA11-347A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-089 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14197 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14558 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 94%CPEs: 23EXPL: 0CVE-2011-1989 – Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2011-1989
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability." Microsoft Excel 2003 Service Pack 3 y Service Pack 2 de 2007; Excel en Office 2007 SP2, Excel 2010 Service Pack 1 Gold y SP1; Excel en Office 2010 Service Pack 1 Gold y SP1; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer Service Pack 2; Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, Servicios de Excel en Office SharePoint Server 2007 SP2, Servicios de Excel en Office SharePoint Server 2010 Gold y SP1, y Excel Web Access 2010 Gold y SP1 no analizan correctamente las expresiones condicionales asociadas con requisitos de formato, lo que permite a atacantes remotos ejecutar código de su elección a través de una hoja de cálculo debidamente modificada. Es un problema también conocido como "Vulnerabilidad de análisis de expresiones condicionales de Excel". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses expressions used for determining formatting requirements. • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 81%CPEs: 2EXPL: 0CVE-2011-1980
https://notcve.org/view.php?id=CVE-2011-1980
Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability." Vulnerabilidad de ruta de búsqueda no confiable en Microsoft Office 2003 Service Pack 3 y Service Pack 2 de 2007 permite a usuarios locales conseguir privilegios a través de un DLL troyano en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo .doc, .ppt o .xls. Se trata de un problema también conocido como "Vulnerabilidad de carga de librerías inseguras de componentes de Office. " • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12694 •
CVSS: 9.3EPSS: 90%CPEs: 5EXPL: 0CVE-2011-1982
https://notcve.org/view.php?id=CVE-2011-1982
Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability." Microsoft Office 2007 SP2 y 2010 Gold y SP1, no inicializa un puntero a un objeto no especificado durante la apertura de documentos de Word, lo que permite a atacantes remotos ejecutar código de su elección mediante un documento debidamente modificado. Es un problema también conocido como "Vulnerabilidad de puntero no inicializado de Office". • http://www.kb.cert.org/vuls/id/909022 http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12243 • CWE-20: Improper Input Validation •