CVSS: 9.3EPSS: 95%CPEs: 9EXPL: 1CVE-2015-2520 – Microsoft Office 2007 - BIFFRecord Length Use-After-Free
https://notcve.org/view.php?id=CVE-2015-2520
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Vulnerabilidad en Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel para Mac 2011 y 2016, Office Compatibility Pack SP3 y Excel Viewer, permite a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como 'Microsoft Office Memory Corruption Vulnerability.' A use-after-free crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013. • https://www.exploit-db.com/exploits/38215 http://www.securitytracker.com/id/1033488 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 5EXPL: 1CVE-2015-2545 – Microsoft Office Malformed EPS File Vulnerability
https://notcve.org/view.php?id=CVE-2015-2545
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability." Vulnerabilidad en Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1 y 2013 RT SP1, permite a atacantes remotos ejecutar código arbitrario a través de una imagen EPS manipulada, también conocida como 'Microsoft Office Malformed EPS File Vulnerability.' Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image. • http://blog.morphisec.com/exploit-bypass-emet-cve-2015-2545 http://www.securitytracker.com/id/1033488 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 96%CPEs: 5EXPL: 1CVE-2015-2521 – Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
https://notcve.org/view.php?id=CVE-2015-2521
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Vulnerabilidad en Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3 y Excel Viewer, permite a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como 'Microsoft Office Memory Corruption Vulnerability.' A type confusion crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013. • https://www.exploit-db.com/exploits/38216 http://www.securitytracker.com/id/1033488 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 9EXPL: 1CVE-2015-2523 – Microsoft Excel 2007/2010/2013 - BIFFRecord Use-After-Free
https://notcve.org/view.php?id=CVE-2015-2523
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Vulnerabilidad en Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel para Mac 2011 y 2016, Office Compatibility Pack SP3 y Excel Viewer, permite a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como 'Microsoft Office Memory Corruption Vulnerability.' Microsoft Excel 2007 running on Windows 2003 suffers from a use-after-free vulnerability. • https://www.exploit-db.com/exploits/38214 http://www.securitytracker.com/id/1033488 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 73%CPEs: 10EXPL: 1CVE-2015-2510 – Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
https://notcve.org/view.php?id=CVE-2015-2510
Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Graphics Component Buffer Overflow Vulnerability." Vulnerabilidad de desbordamiento de Buffer en Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1 y Live Meeting 2007 Console, permite a atacantes remotos ejecutar código arbitrario a través de una fuente OpenType manipulada, también conocida como 'Graphics Component Buffer Overflow Vulnerability.' A bounds check crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013. • https://www.exploit-db.com/exploits/38217 http://www.securityfocus.com/bid/76593 http://www.securitytracker.com/id/1033485 http://www.securitytracker.com/id/1033500 http://www.securitytracker.com/id/1033501 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •