CVE-2017-0027
https://notcve.org/view.php?id=CVE-2017-0027
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Services en SharePoint Server 2013 SP1 permiten a atacantes remotos obtener información sensible de la memoria de proceso a través de un documento de Office manipulado, vulnerabilidad también conocida como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/96043 http://www.securitytracker.com/id/1038010 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-0006
https://notcve.org/view.php?id=CVE-2017-0006
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer y Excel Services on SharePoint Server 2007 SP3 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052 y CVE-2017-0053. • http://www.securityfocus.com/bid/96740 http://www.securitytracker.com/id/1038010 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7264
https://notcve.org/view.php?id=CVE-2016-7264
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel para Mac 2011 y Excel 2016 para Mac permiten a atacantes remotos obtener información sensible desde la memoria de proceso o provocar una denegación de servicio (lectura fuera de rango) a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94769 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-125: Out-of-bounds Read •
CVE-2016-7262 – Microsoft Office Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-7262
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos asistidos por usuario ejecutar comandos arbitrarios a través de una célula manipulada que se maneja incorrectamente con un clic, vulnerabilidad también conocida como "Microsoft Office Security Feature Bypass Vulnerability". A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. • http://www.securityfocus.com/bid/94660 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-20: Improper Input Validation •
CVE-2016-7266
https://notcve.org/view.php?id=CVE-2016-7266
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer y Excel 2016 para Mac no maneja adecuadamente una comprobación de registro, lo que permite a atacantes remotos asistidos por usuario ejecutar comandos arbitrarios a través de contenido embebido manipulado en un documento, vulnerabilidad también conocida como "Microsoft Office Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/94662 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-20: Improper Input Validation •