
CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Dec 2023 — Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. The issue results from the lack of validating the existence of an object prior to performing operations on the objec... • https://www.zerodayinitiative.com/advisories/ZDI-23-1855 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Dec 2023 — Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copyi... • https://www.zerodayinitiative.com/advisories/ZDI-23-1856 • CWE-121: Stack-based Buffer Overflow

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Dec 2023 — Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PPT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copyi... • https://www.zerodayinitiative.com/advisories/ZDI-23-1857 • CWE-121: Stack-based Buffer Overflow

CVSS: 7.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

10 Oct 2023 — Microsoft Office Graphics Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36565 • CWE-416: Use After Free

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Mar 2023 — Office for Android Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23391 • CWE-23: Relative Path Traversal

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Aug 2022 — Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. • https://cs.cybozu.co.jp/2022/007584.html

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Aug 2022 — Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors. • https://cs.cybozu.co.jp/2022/007584.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Aug 2022 — Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors. • https://cs.cybozu.co.jp/2022/007584.html

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Aug 2022 — Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. • https://cs.cybozu.co.jp/2022/007584.html

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Aug 2022 — HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors. • https://cs.cybozu.co.jp/2022/007584.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')