CVSS: 9.3EPSS: 95%CPEs: 9EXPL: 1CVE-2015-2523 – Microsoft Excel 2007/2010/2013 - BIFFRecord Use-After-Free
https://notcve.org/view.php?id=CVE-2015-2523
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Vulnerabilidad en Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel para Mac 2011 y 2016, Office Compatibility Pack SP3 y Excel Viewer, permite a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como 'Microsoft Office Memory Corruption Vulnerability.' Microsoft Excel 2007 running on Windows 2003 suffers from a use-after-free vulnerability. • https://www.exploit-db.com/exploits/38214 http://www.securitytracker.com/id/1033488 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 36EXPL: 0CVE-2015-2423
https://notcve.org/view.php?id=CVE-2015-2423
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability." Vulnerabilidad en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1 e Internet Explorer 7 hasta la versión 11, permite a atacantes remotos obtener privilegios e información sensible a través de un parámetro de línea de comandos manipulado para una aplicación de Office o Notepad, según lo demostrado en una transición desde Low Integrity hasta Medium Integrity, también conocida como 'Unsafe Command Line Parameter Passing Vulnerability.' • http://www.securitytracker.com/id/1033237 http://www.securitytracker.com/id/1033239 http://www.securitytracker.com/id/1033248 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 31%CPEs: 8EXPL: 0CVE-2007-3890
https://notcve.org/view.php?id=CVE-2007-3890
Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. Microsoft Excel en Office 2000 SP3, Office XP SP3, Office 2003 SP2, y Office 2004 para Mac permite a atacantes remotos ejecutar código de su elección mediante un Espacio de Trabajo (Workspace) con un determinado valor de índice que dispara una corrupción de memoria. • http://secunia.com/advisories/26145 http://www.securityfocus.com/bid/25280 http://www.securitytracker.com/id?1018561 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2868 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2149 •
CVSS: 5.1EPSS: 61%CPEs: 6EXPL: 0CVE-2006-3875
https://notcve.org/view.php?id=CVE-2006-3875
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867. Vulnerabilidad no especificada en Microsoft Excel 2000, 2002, 2003, 2004 para Mac, v.X para Mac, y Excel Viewer 2003 permite a atacantes con la complicidad del usuario ejecutar código de su elección mediante un registro COLINFO artesanal en un fichero XLS, una vulnerabilidad diferente que CVE-2006-2387 y CVE-2006-3867. • http://securitytracker.com/id?1017031 http://www.kb.cert.org/vuls/id/252500 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20391 http://www.vupen.com/english/advisories/2006/3978 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A486 •
CVSS: 5.1EPSS: 61%CPEs: 6EXPL: 0CVE-2006-3867
https://notcve.org/view.php?id=CVE-2006-3867
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875. Vulnerabilidad no especificada en Microsoft Excel 2000, 2002, 2003, 2004 para Mac, v.X para Mac, y Excel Viewer 2003 permite a atacantes con la complicidad del usuario ejecutar código de su elección mediante un fichero Lotus 1-2-3 artesanal, una vulnerabilidad diferente que CVE-2006-2387 y CVE-2006-3875. • http://securitytracker.com/id?1017031 http://www.kb.cert.org/vuls/id/821772 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20345 http://www.vupen.com/english/advisories/2006/3978 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A481 •