Page 43 of 557 results (0.013 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'. Se presenta una vulnerabilidad de omisión de la característica de seguridad cuando Microsoft Office maneja inapropiadamente la entrada, también se conoce como "Microsoft Office Security Feature Bypass Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1264 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. Se presenta una vulnerabilidad de divulgación de información cuando Microsoft Excel divulga inapropiadamente el contenido de su memoria, también se conoce como "Microsoft Excel Information Disclosure Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1263 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 1%CPEs: 24EXPL: 0

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. Se presenta una vulnerabilidad de ejecución de código remota cuando el Windows Jet Database Engine maneja inapropiadamente los objetos en la memoria, también se conoce como "Jet Database Engine Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE- 2019-1250. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1246 •

CVSS: 9.3EPSS: 4%CPEs: 8EXPL: 0

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en el software Microsoft Excel cuando el software no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Microsoft Excel Remote Code Execution Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Label records within XLS files. Crafted data in an XLS file can trigger a read past the end of an allocated buffer. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1297 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email. This update addresses the vulnerability by ensuring Office fully validates incoming email formatting before processing message content. Existe una vulnerabilidad de elevación de privilegios cuando Microsoft Outlook inicia el procesamiento de mensajes entrantes sin una comprobación suficiente del formato de los mensajes, también se conoce como "Microsoft Outlook Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1204 • CWE-20: Improper Input Validation •