CVE-2017-8502
https://notcve.org/view.php?id=CVE-2017-8502
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8501. Microsoft Office permite una vulnerabilidad de ejecución remota de código debido a la forma en la que gestiona los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-8501. • http://www.securityfocus.com/bid/99442 http://www.securitytracker.com/id/1038851 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8502 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-8510
https://notcve.org/view.php?id=CVE-2017-8510
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Office cuando el programa no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Office Remote Code Execution Vulnerability". Este ID de CVE es diferente de los CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260 y CVE-2017-8506. • http://www.securityfocus.com/bid/98813 http://www.securitytracker.com/id/1038668 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8510 •
CVE-2017-0020
https://notcve.org/view.php?id=CVE-2017-0020
Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052 y CVE-2017-0053. • http://www.securityfocus.com/bid/96050 http://www.securitytracker.com/id/1038010 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-0027
https://notcve.org/view.php?id=CVE-2017-0027
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Services en SharePoint Server 2013 SP1 permiten a atacantes remotos obtener información sensible de la memoria de proceso a través de un documento de Office manipulado, vulnerabilidad también conocida como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/96043 http://www.securitytracker.com/id/1038010 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-7267
https://notcve.org/view.php?id=CVE-2016-7267
Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1 y 2016 no analiza correctamente formatos de archivos, lo que facilita a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/94664 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-20: Improper Input Validation •