CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2016-7257
https://notcve.org/view.php?id=CVE-2016-7257
The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." El componente GDI en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Office para Mac 2011 y Office 2016 para Mac permite a atacantes remotos obtener información sensible desde la memoria de proceso a través de un sitio web manipulado, vulnerabilidad también conocida como "GDI Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94755 http://www.securitytracker.com/id/1037438 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-146 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-7266
https://notcve.org/view.php?id=CVE-2016-7266
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer y Excel 2016 para Mac no maneja adecuadamente una comprobación de registro, lo que permite a atacantes remotos asistidos por usuario ejecutar comandos arbitrarios a través de contenido embebido manipulado en un documento, vulnerabilidad también conocida como "Microsoft Office Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/94662 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 1%CPEs: 9EXPL: 0CVE-2016-7265
https://notcve.org/view.php?id=CVE-2016-7265
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3 y Excel Services en SharePoint Server 2010 SP2 permiten a atacantes remotos obtener información sensible desde la memoria de proceso o provocar una denegación de servicio (lectura fuera de rángo) a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94721 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7275
https://notcve.org/view.php?id=CVE-2016-7275
Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1 y 2016 no maneja adecuadamente la carga de la librería, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como "Microsoft Office OLE DLL Side Loading Vulnerability". • http://www.securityfocus.com/bid/94665 http://www.securitytracker.com/id/1037441 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 • CWE-19: Data Processing Errors CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 14%CPEs: 9EXPL: 0CVE-2016-7229
https://notcve.org/view.php?id=CVE-2016-7229
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/93995 http://www.securitytracker.com/id/1037246 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •