CVE-2016-0137
https://notcve.org/view.php?id=CVE-2016-0137
The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass." La implementación Click-to-Run (C2R) en Microsoft Office 2013 SP1 y 2016 permite a usuarios locales eludir el mecanismo de protección ASLR a través de una aplicación manipulada, vulnerabilidad también conocida como "Microsoft APP-V ASLR Bypass". • http://www.securityfocus.com/bid/92785 http://www.securitytracker.com/id/1036785 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 • CWE-254: 7PK - Security Features •
CVE-2016-3358
https://notcve.org/view.php?id=CVE-2016-3358
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 para Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services en SharePoint Server 2007 SP3, Excel Services en SharePoint Server 2010 SP2, Excel Automation Services en SharePoint Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/92791 http://www.securitytracker.com/id/1036785 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1227 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3363
https://notcve.org/view.php?id=CVE-2016-3363
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3381. Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3 y Excel Viewer permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3381. • http://www.securityfocus.com/bid/92801 http://www.securitytracker.com/id/1036785 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 https://medium.com/%40steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3365 – Microsoft Office Excel Art Data Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3365
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3362. Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services en SharePoint Server 2007 SP3, Excel Services en SharePoint Server 2010 SP2, Excel Automation Services en SharePoint Server 2013 SP1 y Office Online Server permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3362. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of art data within a spreadsheet. The issue lies in the failure to properly validate user-supplied data which can result in a memory corruption condition. • http://www.securityfocus.com/bid/92804 http://www.securitytracker.com/id/1036785 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3313 – Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)
https://notcve.org/view.php?id=CVE-2016-3313
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1 y 2016, Word 2016 para Mac y Word Viewer permiten a atacantes remotos ejecutar código arbitrario a través de un archivo manipulado, también conocida como "Microsoft Office Memory Corruption Vulnerability". Microsoft Office Word versions 2007, 2010, 2013, and 2016 suffer from an out-of-bounds read that allows for remote code execution. This vulnerability is noted in MS16-099. • https://www.exploit-db.com/exploits/40224 http://www.securityfocus.com/bid/92289 http://www.securitytracker.com/id/1036559 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •