CVSS: 9.3EPSS: 39%CPEs: 8EXPL: 0CVE-2015-6093 – Microsoft Office Word TTF Size Miscalculation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6093
10 Nov 2015 — Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services en SharePoint Server 2010 SP2 y ... • http://www.securityfocus.com/bid/77491 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 42%CPEs: 2EXPL: 0CVE-2015-2556
https://notcve.org/view.php?id=CVE-2015-2556
14 Oct 2015 — The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability." El componente InfoPath Forms Services en Microsoft SharePoint Server 2007 SP3 y 2010 SP2 no analiza correctamente la gramática de las DT... • http://www.securitytracker.com/id/1033804 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 33%CPEs: 14EXPL: 0CVE-2015-2558 – Microsoft Office Excel fileVersion Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2558
13 Oct 2015 — Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka "Microsoft Office Memory Corruption Vulnerability." Vulnerabilidad de uso después de liberación de memoria en Microsoft Excel... • http://www.securitytracker.com/id/1033803 •
CVSS: 9.3EPSS: 58%CPEs: 13EXPL: 1CVE-2015-2468 – Microsoft Office 2007 - 'mso.dll' Arbitrary Free (MS15-081)
https://notcve.org/view.php?id=CVE-2015-2468
15 Aug 2015 — Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." Vulnerabilidad en Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Wor... • https://www.exploit-db.com/exploits/37912 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 15%CPEs: 7EXPL: 0CVE-2015-2375 – Microsoft Office Excel table Tag Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-2375
14 Jul 2015 — Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypass Vulnerability." Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services en SharePoint Server 2010 SP2, y Excel Service en SharePoint Server 2013 SP1 permiten a atacant... • http://www.securitytracker.com/id/1032899 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 27%CPEs: 4EXPL: 0CVE-2015-1700
https://notcve.org/view.php?id=CVE-2015-1700
13 May 2015 — Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities." Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, y SharePoint Foundation 2013 SP1 permiten a usuarios remotos autenticados ejecutar código arbitrario a través del contenido de páginas mani... • http://www.securitytracker.com/id/1032296 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 40%CPEs: 11EXPL: 0CVE-2015-1649
https://notcve.org/view.php?id=CVE-2015-1649
14 Apr 2015 — Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack ... • http://www.securitytracker.com/id/1032104 •
CVSS: 9.3EPSS: 40%CPEs: 11EXPL: 0CVE-2015-1650 – Microsoft Word Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1650
14 Apr 2015 — Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Word 2007 SP3, Office 2010 ... • http://www.securitytracker.com/id/1032104 •
CVSS: 9.3EPSS: 93%CPEs: 12EXPL: 1CVE-2015-1641 – Microsoft Office Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2015-1641
14 Apr 2015 — Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compa... • https://github.com/Cyberclues/rtf_exploit_extractor • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 41%CPEs: 29EXPL: 0CVE-2015-0085 – Microsoft Word Format Tag Transposition Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0085
11 Mar 2015 — Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web A... • http://www.securitytracker.com/id/1031896 •