CVSS: 9.3EPSS: 95%CPEs: 6EXPL: 0CVE-2012-0183 – Microsoft Office 2007 RTF Mismatch Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0183
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." Microsoft Word 2003 SP3 y 2007 SP2 y SP3, Office 2008 y 2011 para Mac, y Office Compatibility Pack SP2 y SP3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) mediante datos RTF manipulados, también conocido como "Vulnerabilidad RTF" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. • http://secunia.com/advisories/49111 http://www.securityfocus.com/bid/53344 http://www.securitytracker.com/id?1027035 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029 https://exchange.xforce.ibmcloud.com/vulnerabilities/75122 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327 •
CVSS: 9.3EPSS: 93%CPEs: 10EXPL: 0CVE-2012-0184
https://notcve.org/view.php?id=CVE-2012-0184
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 y 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente la memoria durante la apertura de archivos, permitiendo a atacantes remotos ejecutar código arbitrario a través de una hoja de cálculo hecha a mano, también conocido como "Vulnerabilidad de corrupción de memoria en Excel SXLI Record" • http://secunia.com/advisories/49112 http://www.securityfocus.com/bid/53375 http://www.securitytracker.com/id?1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/75117 https://oval.cisecurity.org/repository/sea • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 94%CPEs: 10EXPL: 0CVE-2012-1847 – Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1847
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 y 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente la memoria durante la apertura de archivos, permitiendo a atacantes remotos ejecutar código arbitrario a través de una hoja de cálculo manipulada, también conocido como "Error de Análisis de Registros de Excel podría permitir la ejecución remota de código." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Series records. The code within Excel.exe makes an assumption about the data types within a Series record and can be made to write beyond the bounds of a heap buffer when a specific combination of fields are set to unexpected values. • http://secunia.com/advisories/49112 http://www.securityfocus.com/bid/53379 http://www.securitytracker.com/id?1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/75119 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15575 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 95%CPEs: 7EXPL: 0CVE-2012-0185
https://notcve.org/view.php?id=CVE-2012-0185
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica en Microsoft Excel 2007 SP2 y SP3 y 2010 Gold y SP1, Excel Viewer, y Office Compatibility Pack SP2 y SP3, permite a atacantes remotos ejecutar código arbitrario a través de una hoja de cálculo manipulada que provoca el manejo incorrecto de la memoria durante su apertura, también conocido como "Excel MergeCells Record Heap Overflow Vulnerability." • http://secunia.com/advisories/49112 http://www.securitytracker.com/id?1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/75118 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 93%CPEs: 4EXPL: 0CVE-2011-3413 – Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3413
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability." Microsoft PowerPoint 2007 SP2; Office 2008 para Mac; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP2; y PowerPoint Viewer 2007 SP2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un registro OfficeArt inválido en un documento PowerPoint. También conocida como "Vulnerabilidad RCE OfficeArt Shape". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. • http://www.us-cert.gov/cas/techalerts/TA11-347A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14581 • CWE-94: Improper Control of Generation of Code ('Code Injection') •