CVSS: 9.3EPSS: 95%CPEs: 9EXPL: 0CVE-2012-2539 – Microsoft Word Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2539
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability." Microsoft Word 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Word Viewer; Office Compatibility Pack SP2 y SP3; y Office Web Apps 2010 SP1 permiten a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de datos RTF modificados, alias "Word RTF 'listoverridecount' Remote Code Execution Vulnerability." Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data. • http://www.us-cert.gov/cas/techalerts/TA12-346A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 94%CPEs: 8EXPL: 0CVE-2012-1886
https://notcve.org/view.php?id=CVE-2012-1886
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Excel Viewer; y Office Compatibility Pack SP2 y SP3 permite a atacantes remotos a ejecutar código provocar una denegación de servicio (corrupción de memoria) a través de una hoja de cálculo manipulada, también conocido como "Excel Memory Corruption Vulnerability." • http://www.securityfocus.com/bid/56426 http://www.securitytracker.com/id?1027752 http://www.us-cert.gov/cas/techalerts/TA12-318A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/78073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15927 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 94%CPEs: 9EXPL: 0CVE-2012-1885
https://notcve.org/view.php?id=CVE-2012-1885
Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica en Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Office 2008 y 2011 para Mac; y Office Compatibility Pack SP2 y SP3 ,permite a atacantes remotos ejecutar código arbitrario mediante una hoja de cálculo manipulada.También conocido como "Excel SerAuxErrBar Heap Overflow Vulnerability." • http://www.securityfocus.com/bid/56425 http://www.securitytracker.com/id?1027752 http://www.us-cert.gov/cas/techalerts/TA12-318A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/78072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15752 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15916 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 93%CPEs: 7EXPL: 0CVE-2012-1887
https://notcve.org/view.php?id=CVE-2012-1887
Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability." Vulnerabilidad de uso después de la liberación en Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 SP1, y Office 2008 y 2011 para Mac, permite a atacantes remotos producir una ejecución de código mediante una hoja de cálculo manipulada, también conocido como "Excel SST Invalid Length Use After Free Vulnerability." • http://www.securityfocus.com/bid/56430 http://www.securitytracker.com/id?1027752 http://www.us-cert.gov/cas/techalerts/TA12-318A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/78074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15717 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15970 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 90%CPEs: 10EXPL: 0CVE-2012-2528
https://notcve.org/view.php?id=CVE-2012-2528
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Word 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Word Viewer; Office Compatibility Pack SP2 y SP3; Word Automation Services en Microsoft SharePoint Server 2010; y Office Web Apps 2010 SP1, permite a atacantes remotos ejecutar código de su elección a través de un documento RTF modificado, también conocido como "RTF File listid Use-After-Free Vulnerability." • http://www.securityfocus.com/bid/55781 http://www.us-cert.gov/cas/techalerts/TA12-283A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680 • CWE-399: Resource Management Errors •