CVE-2018-0922
https://notcve.org/view.php?id=CVE-2018-0922
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". Microsoft Office 2010 SP2, 2013 SP1 y 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 para Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 y Microsoft Word 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/103314 http://www.securitytracker.com/id/1040511 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922 • CWE-787: Out-of-bounds Write •
CVE-2018-0919
https://notcve.org/view.php?id=CVE-2018-0919
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability". Microsoft Office 2010 SP2, 2013 SP1 y 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 para Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 y Microsoft Word 2016 permiten una vulnerabilidad de divulgación de información debido a la forma en la que se inicializan las variables. Estot ambién se conoce como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/103311 http://www.securitytracker.com/id/1040526 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919 • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •
CVE-2018-0797
https://notcve.org/view.php?id=CVE-2018-0797
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability". Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestiona el contenido RTF. Esto también se conoce como "Microsoft Word Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/102406 http://www.securitytracker.com/id/1040153 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797 • CWE-787: Out-of-bounds Write •
CVE-2017-11826 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11826
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory. Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 y 2013, Word Viewer, Word 2007, 2010, 2013 y 2016, Word Automation Services y Office Online Server permiten la ejecución remota de código cuando el software no gestiona correctamente objetos en la memoria. A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. • https://github.com/thatskriptkid/CVE-2017-11826 http://www.securityfocus.com/bid/101219 http://www.securitytracker.com/id/1039541 https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826 https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-8696
https://notcve.org/view.php?id=CVE-2017-8696
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution." El componente Uniscribe de Windows en Microsoft Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 y 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee y Live Meeting 2007 Add-in y Console permite que un atacante ejecute código remotamente mediante una página web, un documento o archivo de correo adjunto especialmente manipulados. Esto también se conoce como "Microsoft Graphics Component Remote Code Execution". • http://www.securityfocus.com/bid/100780 http://www.securitytracker.com/id/1039344 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •