CVE-2021-40472 – Microsoft Excel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-40472
Microsoft Excel Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Microsoft Excel • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40472 •
CVE-2021-38655 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-38655
Microsoft Excel Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota en Microsoft Excel This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38655 https://www.zerodayinitiative.com/advisories/ZDI-21-1080 • CWE-416: Use After Free •
CVE-2021-34451 – Microsoft Office Online Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-34451
Microsoft Office Online Server Spoofing Vulnerability Una vulnerabilidad de Suplantación de Identidad de Microsoft Office Online Server • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34451 •
CVE-2021-34501 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-34501
Microsoft Excel Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Excel . Este ID de CVE es diferente de CVE-2021-34518 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CONTINUEFRT12 records within XLS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34501 https://www.zerodayinitiative.com/advisories/ZDI-21-969 •
CVE-2021-31939 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31939
Microsoft Excel Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en Microsoft Excel This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31939 https://www.zerodayinitiative.com/advisories/ZDI-21-670 •