CVSS: 9.3EPSS: 90%CPEs: 10EXPL: 0CVE-2012-2528
https://notcve.org/view.php?id=CVE-2012-2528
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Word 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Word Viewer; Office Compatibility Pack SP2 y SP3; Word Automation Services en Microsoft SharePoint Server 2010; y Office Web Apps 2010 SP1, permite a atacantes remotos ejecutar código de su elección a través de un documento RTF modificado, también conocido como "RTF File listid Use-After-Free Vulnerability." • http://www.securityfocus.com/bid/55781 http://www.us-cert.gov/cas/techalerts/TA12-283A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 95%CPEs: 6EXPL: 0CVE-2012-0183 – Microsoft Office 2007 RTF Mismatch Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0183
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." Microsoft Word 2003 SP3 y 2007 SP2 y SP3, Office 2008 y 2011 para Mac, y Office Compatibility Pack SP2 y SP3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) mediante datos RTF manipulados, también conocido como "Vulnerabilidad RTF" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. • http://secunia.com/advisories/49111 http://www.securityfocus.com/bid/53344 http://www.securitytracker.com/id?1027035 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029 https://exchange.xforce.ibmcloud.com/vulnerabilities/75122 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327 •
CVSS: 9.3EPSS: 64%CPEs: 2EXPL: 0CVE-2010-2747
https://notcve.org/view.php?id=CVE-2010-2747
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability." Microsoft Word 2002 SP3 y Office 2004 para Mac no maneja adecuadamente los punteros no inicializados durante el parseo de un documento Word, lo que permite a atacantes remotos ejecutar código de su elecci´no a través de documentos manipulados que provocan una corrupción de memoria, también conocido como "Vulnerabilidad de puntero no inicializado en Word". • http://www.securityfocus.com/archive/1/514310/100/0/threaded http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7121 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 68%CPEs: 2EXPL: 0CVE-2010-2748
https://notcve.org/view.php?id=CVE-2010-2748
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability." Microsoft Word 2002 SP3 y Office 2004 para Mac no comprueba adecuadamente un límite sin especificar durante el análisis de un documento Word, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento manipulado lo que provocará una corrupción de memoria, también conocido como "Vulnerabilidad Word Boundary Check" • http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7375 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 89%CPEs: 2EXPL: 0CVE-2010-2750
https://notcve.org/view.php?id=CVE-2010-2750
Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability." Error de índice de matriz en Word 2002 SP3 y Office 2004, de Microsoft para Mac, permite a los atacantes remotos ejecutar código arbitrario por medio de un documento de Word especialmente diseñado que desencadena corrupción en memoria, también se conoce como "Word Index Vulnerability". • http://www.securityfocus.com/archive/1/514292/100/0/threaded http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7582 • CWE-94: Improper Control of Generation of Code ('Code Injection') •