CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0850
https://notcve.org/view.php?id=CVE-2018-0850
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability". Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016 y Microsoft Office 2016 Click-to-Run permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se valida el formato de los mensajes entrantes. Esto también se conoce como "Microsoft Outlook Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/102866 http://www.securitytracker.com/id/1040382 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850 •
CVSS: 9.3EPSS: 5%CPEs: 8EXPL: 0CVE-2018-0851
https://notcve.org/view.php?id=CVE-2018-0851
Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852. Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 y RT SP1, Microsoft Office 2016 y Microsoft Office 2016 Click-to-Run (C2R) permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que Office gestiona los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2018-0852. • http://www.securityfocus.com/bid/102870 http://www.securitytracker.com/id/1040381 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0851 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 5%CPEs: 6EXPL: 0CVE-2018-0852
https://notcve.org/view.php?id=CVE-2018-0852
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851. Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 y RT SP1, Microsoft Outlook 2016 y Microsoft Office 2016 Click-to-Run (C2R) permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que Outlook gestiona los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2018-0851. • http://www.securityfocus.com/bid/102871 http://www.securitytracker.com/id/1040368 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 27%CPEs: 6EXPL: 0CVE-2018-0791
https://notcve.org/view.php?id=CVE-2018-0791
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793. Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013 y Microsoft Outlook 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se analizan los mensajes de email. Esto también se conoce como "Microsoft Outlook Remote Code Execution Vulnerability". Este CVE es diferente de CVE-2018-0793. • http://www.securityfocus.com/bid/102383 http://www.securitytracker.com/id/1040154 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791 •
CVSS: 9.3EPSS: 89%CPEs: 12EXPL: 0CVE-2015-1641 – Microsoft Office Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2015-1641
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 y 2013 SP1, y Office Web Apps Server 2010 SP2 y 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento RTF manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Microsoft Office.' Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user. • http://www.securityfocus.com/bid/73995 http://www.securitytracker.com/id/1032104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 • CWE-787: Out-of-bounds Write •