CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-11820
https://notcve.org/view.php?id=CVE-2017-11820
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777. Microsoft SharePoint Enterprise Server 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten que un atacante explote una vulnerabilidad de Cross-Site Scripting (XSS) enviando una petición especialmente manipulada a un servidor SharePoint afectado debido a cómo sanitiza el servidor SharePoint las peticiones web, lo que también se conoce como "Microsoft Office SharePoint XSS Vulnerability". El ID de este CVE es diferente de CVE-2017-11775 y CVE-2017-11777. • http://www.securityfocus.com/bid/101097 http://www.securitytracker.com/id/1039540 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11820 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 94%CPEs: 13EXPL: 1CVE-2017-11826 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11826
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory. Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 y 2013, Word Viewer, Word 2007, 2010, 2013 y 2016, Word Automation Services y Office Online Server permiten la ejecución remota de código cuando el software no gestiona correctamente objetos en la memoria. A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. • https://github.com/thatskriptkid/CVE-2017-11826 http://www.securityfocus.com/bid/101219 http://www.securitytracker.com/id/1039541 https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826 https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 11EXPL: 0CVE-2017-8742
https://notcve.org/view.php?id=CVE-2017-8742
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743. Existe una vulnerabilidad de ejecución remota de código en Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2 y Microsoft Office Compatibility Pack Service Pack 3 cuando manejan incorrectamente objetos en la memoria. Esto también se conoce como "PowerPoint Remote Code Execution Vulnerability" El ID de este CVE es distinto a CVE-2017-8743. • http://www.securityfocus.com/bid/100741 http://www.securitytracker.com/id/1039323 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8514
https://notcve.org/view.php?id=CVE-2017-8514
An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability". Se presenta una vulnerabilidad de divulgación de información cuando el programa Microsoft SharePoint no puede desinfectar apropiadamente las peticiones especialmente creadas, también se conoce como "Microsoft SharePoint Reflective XSS Vulnerability". • http://www.securityfocus.com/bid/98831 http://www.securitytracker.com/id/1038663 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 11%CPEs: 12EXPL: 0CVE-2017-8512
https://notcve.org/view.php?id=CVE-2017-8512
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Office cuando el programa no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Office Remote Code Execution Vulnerability". Este ID de CVE es diferente de los CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260 y CVE-2017-8506. • http://www.securityfocus.com/bid/98816 http://www.securitytracker.com/id/1038668 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512 •