CVSS: 9.3EPSS: 24%CPEs: 8EXPL: 0CVE-2017-8632
https://notcve.org/view.php?id=CVE-2017-8632
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744. Existe una vulnerabilidad de ejecución remota de código en Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3 cuando no se gestionan correctamente los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-8630, CVE-2017-8631, y CVE-2017-8744. • http://www.securityfocus.com/bid/100734 http://www.securitytracker.com/id/1039315 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 20%CPEs: 11EXPL: 0CVE-2017-8511
https://notcve.org/view.php?id=CVE-2017-8511
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Office cuando el software no maneja apropiadamente los objetos en la memoria, también se conoce como "Office Remote Code Execution Vulnerability". El ID de este CVE es diferente de CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260 y CVE-2017-8506. • http://www.securityfocus.com/bid/98815 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511 •
CVSS: 9.3EPSS: 9%CPEs: 17EXPL: 0CVE-2017-8509
https://notcve.org/view.php?id=CVE-2017-8509
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Office cuando el software no maneja apropiadamente los objetos en la memoria, también se conoce como "Office Remote Code Execution Vulnerability". El ID de este CVE es diferente de CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260 y CVE-2017-8506. • http://www.securityfocus.com/bid/98812 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 •
CVSS: 5.5EPSS: 93%CPEs: 7EXPL: 0CVE-2017-0105
https://notcve.org/view.php?id=CVE-2017-0105
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener información sensible de la memoria fuera de límites a través de un documento de Office manipulado, vulnerabilidad también conocida como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/96746 http://www.securitytracker.com/id/1038010 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2016-7257
https://notcve.org/view.php?id=CVE-2016-7257
The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." El componente GDI en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Office para Mac 2011 y Office 2016 para Mac permite a atacantes remotos obtener información sensible desde la memoria de proceso a través de un sitio web manipulado, vulnerabilidad también conocida como "GDI Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94755 http://www.securitytracker.com/id/1037438 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-146 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •