CVE-2017-0027
https://notcve.org/view.php?id=CVE-2017-0027
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Services en SharePoint Server 2013 SP1 permiten a atacantes remotos obtener información sensible de la memoria de proceso a través de un documento de Office manipulado, vulnerabilidad también conocida como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/96043 http://www.securitytracker.com/id/1038010 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-7267
https://notcve.org/view.php?id=CVE-2016-7267
Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1 y 2016 no analiza correctamente formatos de archivos, lo que facilita a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/94664 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-20: Improper Input Validation •
CVE-2016-7262 – Microsoft Office Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-7262
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos asistidos por usuario ejecutar comandos arbitrarios a través de una célula manipulada que se maneja incorrectamente con un clic, vulnerabilidad también conocida como "Microsoft Office Security Feature Bypass Vulnerability". A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. • http://www.securityfocus.com/bid/94660 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-20: Improper Input Validation •
CVE-2016-7266
https://notcve.org/view.php?id=CVE-2016-7266
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer y Excel 2016 para Mac no maneja adecuadamente una comprobación de registro, lo que permite a atacantes remotos asistidos por usuario ejecutar comandos arbitrarios a través de contenido embebido manipulado en un documento, vulnerabilidad también conocida como "Microsoft Office Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/94662 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-20: Improper Input Validation •
CVE-2016-7265
https://notcve.org/view.php?id=CVE-2016-7265
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3 y Excel Services en SharePoint Server 2010 SP2 permiten a atacantes remotos obtener información sensible desde la memoria de proceso o provocar una denegación de servicio (lectura fuera de rángo) a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94721 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-125: Out-of-bounds Read •