CVE-2016-7234
https://notcve.org/view.php?id=CVE-2016-7234
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel para Mac 2011, Word 2016 para Mac, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2010 SP2, Word Automation Services en SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar un código arbitrario a través de un documento Office manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/94020 http://www.securitytracker.com/id/1037246 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1233 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7213
https://notcve.org/view.php?id=CVE-2016-7213
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 para Mac y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/93993 http://www.securitytracker.com/id/1037246 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7228
https://notcve.org/view.php?id=CVE-2016-7228
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 para Mac y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/93994 http://www.securitytracker.com/id/1037246 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7245
https://notcve.org/view.php?id=CVE-2016-7245
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1 y Office 2016 permiten a atacantes remotos ejecutar un código arbitrario a través de un documento Office manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/94026 http://www.securitytracker.com/id/1037246 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3209 – Microsoft Windows - 'win32k.sys' TTF Processing RCVT TrueType Instruction Handler Out-of-Bounds Read (MS16-120)
https://notcve.org/view.php?id=CVE-2016-3209
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability." Graphics Device Interface (también conocido como GDI o GDI+) en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511 y 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2 y 4.6; y Silverlight 5 permite a atacantes remotos eludir el mecanismo de protección ASLR a través de vectores no especificados, vulnerabilidad también conocida como "True Type Font Parsing Information Disclosure Vulnerability". Windows Kernel win32k.sys suffers from a TTF font procession out-of-bounds read in the RCVT TrueType instruction handler. • https://www.exploit-db.com/exploits/40598 http://www.securityfocus.com/bid/93385 http://www.securitytracker.com/id/1036988 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •