CVSS: 9.3EPSS: 92%CPEs: 34EXPL: 0CVE-2012-1856 – Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1856
15 Aug 2012 — The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via... • http://www.securityfocus.com/bid/54948 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 1%CPEs: 9EXPL: 0CVE-2012-1854
https://notcve.org/view.php?id=CVE-2012-1854
10 Jul 2012 — Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. Vulnerabilidad de búsq... • http://www.us-cert.gov/cas/techalerts/TA12-192A.html •
CVSS: 9.3EPSS: 93%CPEs: 29EXPL: 3CVE-2012-1889 – Microsoft XML Core Services Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2012-1889
13 Jun 2012 — Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Microsoft XML Core Services 3.0, 4.0, 5.0, y 6.0 accede a localizaciones de memoria mal formadas, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web modificado. Microsoft XML Core Services cont... • https://www.exploit-db.com/exploits/19186 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 60%CPEs: 9EXPL: 0CVE-2012-0141
https://notcve.org/view.php?id=CVE-2012-0141
09 May 2012 — Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente memoria d... • http://secunia.com/advisories/49112 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 61%CPEs: 9EXPL: 0CVE-2012-0142
https://notcve.org/view.php?id=CVE-2012-0142
09 May 2012 — Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no maneja cor... • http://secunia.com/advisories/49112 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 71%CPEs: 2EXPL: 0CVE-2012-0143
https://notcve.org/view.php?id=CVE-2012-0143
09 May 2012 — Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability." Microsoft Excel 2003 SP3 y Office 2008 para Mac no manejan correctamente la memoria durante la apertura de archivos, permitiendo a atacantes remotos ejecutar código arbitrario a través de una hoja de cálculo manipulada, también conocido como "Vuln... • http://secunia.com/advisories/49112 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 66%CPEs: 28EXPL: 0CVE-2012-0159 – Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)
https://notcve.org/view.php?id=CVE-2012-0159
09 May 2012 — Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Wind... • http://secunia.com/advisories/49121 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 62%CPEs: 7EXPL: 0CVE-2012-0165
https://notcve.org/view.php?id=CVE-2012-0165
09 May 2012 — GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." GDI+ en Microsoft Windows Vista SP2 y Server 2008 SP2 y Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1 no valida correctamente los tipos de registro en imágenes EMF, lo que permite a atacantes remotos ejecutar código arbi... • http://secunia.com/advisories/49121 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 65%CPEs: 3EXPL: 0CVE-2012-0167
https://notcve.org/view.php?id=CVE-2012-0167
09 May 2012 — Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica en la librería Office GDI+ en Microsoft Office 2003 SP3 y 2007 SP2 y SP3 permite a atacantes remotos ejecutar código arbitrario mediante una imagen EMF manipulada en un documento de Office, también conocido como "Vulnera... • http://secunia.com/advisories/49121 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 58%CPEs: 6EXPL: 0CVE-2012-0183 – Microsoft Office 2007 RTF Mismatch Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0183
09 May 2012 — Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." Microsoft Word 2003 SP3 y 2007 SP2 y SP3, Office 2008 y 2011 para Mac, y Office Compatibility Pack SP2 y SP3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) mediante datos R... • http://secunia.com/advisories/49111 •